Not  the  way  to  San  Jose  Scandal  over  $8  million 

VoIP  contract  holds  lessons  for  municipal  U  buyers.  PAGE  8. 


Spy  threat 


Insidious  scourge  of  the  'Net  spyware  has 


IT  shops  turning  to  new  tools  to  fight  back.  PAGE  21 . 
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Blade  servers 
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Face-Off:  Dave  Driggers,  CEO  of 
Verari  Systems,  says  blades  are  a 
perfect  fit  for  today’s  data  center. 
Not  so  fast,  counters  Jay  Adelson, 
CTO  of  Equinix. There  are  still 
questions  about  reliability  and  cost. 
DocFinder:  2430 


Buyer’s  guide:  Blade  servers 

DocFinder:  3326 


With  hardware  vendors  such  as  IBM,  HP  and  Sun 
throwing  their  weight  behind  blade  servers,  they  are 
poised  to  make  significant  inroads.  —  ^ 
Cutting-edge  users  like  Peter 
Bowman,  CIO  of  Nations  \ 

Holding  Group,  are  reaping  V-  \  i 

the  benefits.  Page  35.  llif  [ 


Clear  Choice  Test: 

We  tested  blades  from 
IBM,  HP  and  RLX  for  raw 
performance  and  manage¬ 
ment  features.  Page  37. 
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Windows  users  put 
on  defensive  by  SP2 


■  BY  JOHN  FONTANA 

Companies  that  use  Microsoft’s 
Automatic  Updates  feature  will 
have  io  install  desktop  blockers 
to  thwart  the  delivery  and  instal¬ 
lation  of  Windows  XP  Service 
Pack  2  this  week. 

With  Microsoft  having  changed 


its  policy  to  deliver  service  packs 
through  Automatic  Updates, 
users  that  have  the  mechanism 
activated  now  must  defend  their 
desktops  in  order  to  have  time  to 
complete  testing. 

IT  departments  are  going 
through  rigorous  testing,  at  Micro¬ 
soft’s  request,  to  figure  out  which 


applications  XP  SP2  might  break. 

IT  executives  inundated  Micro¬ 
soft  with  complaints  about  the 
automatic  upgrades, which  forced 
Microsoft  to  create  an  ad  hoc 
team  that  worked  five  days  to  de¬ 
vise  a  solution.The  team  came  up 
with  a  registry  key,  which  prevents 
See  Microsoft,  page  14 


FDA  reads  riot  act  to  device  makers 


■  BY  DENI  CONNOR  AND 
ELLEN  MESSMER 

AUSTIN,  TEXAS  — 
Amid  growing  con¬ 
cern  about  security 
in  hospital  patient- 
care  systems,  the  fed¬ 
eral  agency  that  reg¬ 
ulates  medical  de¬ 
vices  last  week  announced  a  get- 
tough  policy  to  improve  equip¬ 


ment  safety 

Medical  devices  such  as  ultra¬ 
sound  and  radiology  systems 
often  rely  on  commercial  off-the- 
shelf  software,  including  Windows 
and  Unix,  that  requires  continu¬ 
ous  patching  for  security  But  in- 

■  Microsoft  addresses  medical- 
device  issues.  Read  Ellen 
Messmer's  Security  Notes  column 
online  at  www.nwfusion.com, 
DocFinder:  3361. 


creasingly  hospital  IT  administra¬ 
tors  are  voicing  complaints  that 
manufacturers  are  failing  to  patch 
Windows-based  equipment 
quickly  or  at  all,  which  then  fall 
prey  to  computer  worms.This  not 
only  disrupts  hospital  operations 
but  poses  a  potential  safety  haz¬ 
ard  to  patients. 

Hospitals  are  calling  on  the  U.S. 
Food  and  Drug  Administration 

See  FDA,  page  51 


A  Wider  Net 


Still  no  word  from  ET 

Five  years  and  5  million  networked  PCs  find 
no  sign  of  extraterrestrials.They'll  keep  looking. 

■  BY  PHIL  HOCHNIUTH 


M 


ulder  and  Scully  made  it  look  so  easy  An  alien  hunt  has  been 
underway  for  more  than  five  years  using  the  worlds  largest 
grid  supercomputer  —  5  million  Internet-linked  PCs  —  as  part 
of  a  project  called  SETI@Home.The  project,  run  by  the  University  of 
California  Berkeley  harnesses  unused  CPU  cycles  to  comb  through 
deep-space  radio  noise, searching  for  signals  from  extraterrestrials. 

See  SETI@Home,  page  52 
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Up  with  capacity.  Down  with  complexity.  HP  StorageWorks 
Enterprise  Virtual  Array  combines  disk-array  storage  with 
the  ability  to  pool  resources,  making  it  easy  to  oversee  and 
control  vast  amounts  of  information.  Virtualization  ensures 
capacity  is  dynamically  expanded,  giving  you  the  most 
efficient  use  of  space  without  disrupting  service. 

Now  information  has  room  to  breathe,  and 
your  business  has  room  to  change. 
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Solutions  for  the  adaptive  enterprise. 
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IF  YOU’RE  LOOKING 
THE  TRUE  HEART  OF  YOUR  SERVER, 
MUST  LOOK  DEEPER  THAN  THE  CPU 


Hidden  inside  your  servers  are  chips  pumping  data  through  your  entire  network— quickly,  reliably  and  seamlessly.  Broadcom’s  ServerWorks™ 
System  I/O™  chipsets  provide  the  top  5  server  manufacturers  with  the  industry’s  most  advanced  technology  for  IA-32  systems1. 
Technologies  such  as  memory  mirroring  with  hot-plug  capabilities,  which  allow  on-the-fly  swapping  of  your  server’s  RAM,  reliably  keep 
your  data  flowing  and  your  business  operating.  In  fact,  our  server  chips  offer  twice  the  data  bandwidth  of  our  nearest  competitor,  and  are 
the  only  to  boast  integrated  dual-port  Gigabit  Ethernet.  With  Broadcom  in  your  servers,  you’re  prepared  for  the  ever-increasing  throughput 
requirements  of  next-generation  networks. 


Read  how  to  utilize  Broadcom®  chips  as  the 
catalyst  that  drives  your  network  performance 
to  new  heights.  Download  our  white  paper, 
“Next-Generation  Server  Technology:  The  Key 
to  Speed,  Productivity  and  Reliability,”  now  at 
www.gobroadcom.com/servers 


Broadcom*  the  pulse  logo,  Connecting  everything*  ServerWorks.™ the  ServerWorks  logo 
and  System  I/O™  are  trademarks  ol  Broadcom  Corporation  and'or  its  affiliates  in  the  United 
States  and  certain  other  countries.  AM  other  trademarks  are  the  properly  of  their  respective 
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8  Cisco  dampens  growth  prospects  despite  record  fourth  quarter. 
8  San  Jose  scandal  highlights  issues  in  government  buying. 
10  Wireless  technology  sparks  vendor  activity. 

10  HP  focuses  on  enhanced  virtualization. 

12  Alcatel  launches  switch  security  strategy. 

12  Oracle  boosts  business  applications. 

14  WholeSecurity  sets  trap  for  eBay  phishing. 


T 


In  this  Technology  Insider,  we  talk  to  cutting-edge  users 
like  Peter  Bowman,  CIO  of  Nations  Holding  Group,  who 
are  reaping  the  benefits  of  blades.  Page  35. 

We  tested  blade  server  platforms  from  IBM,  HP  and  RLX  for  raw  performance  and  management 
features.  IBM  is  our  overall  winner  but  the  HP  and  RLX  blades  had  a  strong  showing.  Page  37. 


■  51  Vanquish  fights  the  economics  of  spam. 

■  52  Infrastructure  spec  for  Web  services  lands  at  W3C. 
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Online  Face-Off:  Dave  Driggers,  CEO  of  Verari  Systems,  says  blades 
are  a  perfect  fit  for  today's  data  center.  Not  so  fast,  counters  Jay  Adelson, 
founder  and  CTO  of  Equinix.  There  are  still  questions  about  reliability  and  cost 
savings.  See  www.nwfiision.com,  DocFinder:  2430.  Also  check  out  our  buyer's 
guide  at  DocFinder  3326. 


■  17  Utility  company  powers  up 
savings. 

■  17  Quintum  helps  put  PBXs  on 
VoIP  nets. 

■  18  Adtran  dishes  up  another 
penny-pinching  router. 

■  18  Vendors  target  remote- 
access  security. 

■  19  Kevin  Tolly:  Lookout  for 
Outlook. 

■  20  Special  Focus: 

Linux  makes  inroads  with  Novell 
users. 


■  26  Check  Point  Software  primps 
for  small  firms. 

Technology 
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■  27  Network  modeling  detects 
anomalies. 

■  27  Steve  Blass:  Ask  Dr. 

Internet. 

■  30  Mark  Gibbs:  A  few  tools, 
a  technology,  some  cool  software. 

■  30  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 
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■  21  On  the  lookout  for  spyware. 
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■  32  On  technology:  A  matter 
of  life  and  death. 


■  22  Scott  Bradner:  PCC 

chooses  middle  road  on  'Net 
wiretapping. 

Service  Providers 

■  23  Level  3  snares  big  IP  VPN 
deal. 

■  24  Johna  Till  Johnson: 

Security  today  means  playing 
'defense-in-depth.' 


■  33  Chuck  Yoke:  Training  for 
convergence. 

■  33  Howard  Anderson: 

Living  on  the  edge. 

■  54  BackSpin:  Leashing  the 
dogs  of  law. 

■  54  'Net  Buzz:  Phishing  is 
undermining  the  value  of  e-mail. 

■  47  Career  classifieds. 


Management 

Strategies 


ZyAir’s  USB  adapter  can 
act  as  a  wireless  bridge 
between  computers,  but 
setup  is  cumbersome.  Page  30 


■  40  Technology  testers:  Special  IT 
teams  evaluate  new  technology, 
determine  business  benefits  of 
deployment. 
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Exclusive 

Columnists 

Network  World  Fusion  Radio 

Get  the  inside  scoop  on  hot  technology  issues,  such  as  inexpensive 
servers,  Wi-Max,  network  security  design  and  more.  Stream  the 
sessions  to  your  desktop  or  download  them  as  MP3s  for  later  use. 

DocFinder:  3346 

The  Wireless  Wizards 

Stop  the  interference 

The  Wizards  help  a  reader  who  asks:  "What  are  the  five  top 
interferers  in  the  Wi-Fi  spectrum?" 

DocFinder:  3347 

You've  got  the  Power  Survey 

Spread  your  influence  by  casting  your  votes  in  this  first-of-its-kind 
survey  gauging  crucial  questions  of  industry  power,  from  executive 
hairstyles  to  comedic  appeal. 

DocFinder:  3236 

Telework  Beat 

Election  season  plays,  Part  1 

Net.Worker  Managing  Editor  Toni  Kistner  examines  President 
Bush's  call  for  workplace  flexibility. 

DocFinder:  3348 

2004  Salary  Calculator 

Are  you  making  what  you're  worth?  Input  some  details  about  yourself, 
and  well  tell  you  if  you  earn  as  much  as  your  peers. 

DocFinder:  3237 

Small-Business  Tech 

Analyze,  support,  grow,  Part  1 

Columnist  James  Gaskin  shows  small-business  owners  how  to 
find  their  technology  identity. 

DocFinder.  3349 

Gall  for  Nominations:  2004  Network  World 
Reader-Recognition  Awards 

Send  in  your  choices  for  the  2004  Extended  Enterprise  Innovator 

Award  and  the  2004  User  Excellence  Award. 

DocFinder:  2747 

HomeLAN  Adventures 

Highs  and  lows  with  Apple's  AirPort  Express,  Part  1 

Columnist  Keith  Shaw  says  it's  a  cool  tool  but  wasn't  exactly 
plug-and-play. 

DocFinder:  3350 

Seminars  and  Events 

Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder:  6342 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  6343 

■  CONTACT  US  NetworkWorid,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  12 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

Weekly  Webcast  Newsletter 

Our  weekly  newsletter  delivers  information  on  Webcasts  on 
Network  World  Fusion  —  your  24-7  source  for  solutions 
and  strategies,  with  links,  resources  and  answers  you 
need.  Covering  topics  such  as  security,  applications  and 
wireless,  our  Webcasts  are  focused,  single-topic  briefings 
from  technology  experts. 

DocFinder:  2542 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 

Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL:  www.subscribenw.com 
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■  Th  Good  BadTheUgly 


Big  Blue  bulks  up 

■  IBM  last  week  said  its  hiring  a  lot  more  employees  than  original¬ 
ly  planned.The  vendor  boosted  its  forecast  for  the  year  from  10,000 
up  to  18,800  new  hires,  two-thirds  of  whom  are  destined  for  IBM’s 
global  services  division.  Driving  the  hiring  spree  is  growth  in  areas 
such  as  Linux  services,  grid  computing  and  business  transforma¬ 
tion  services.  The  most  popular  position  being  filled  is  consultant, 
followed  by  IT  architect,  software  engineer,  sales  staff  and  project 
manager.  IBM  expects  to  close  the  year  with  more  than  330,000 
employees  —  its  largest  head  count  since  1991,  when  the  IBM  pop¬ 
ulation  topped  344,000. 

Leucadia  gets  green  light  on  MCI 

■  The  Department  of  Justice  will  not  stand  in  the  way  of  Leucadia  National  if  it  decides 
to  buy  at  least  50%  of  MCI’s  stock.  Last  week  the  federal  government  let  a  deadline  pass 
without  action,  essentially  letting  the  companies  move  ahead  with  any  stock  purchase 
plans.  Leucadia,  a  holding  company, sought  permission  in  July  to  purchase  at  least  50% 
of  MCIs  stock.  But  at  press  time  Leucadia  has  yet  to  make  a  formal  offer  to  take  over  MCI 
or  buy  a  large  chunk  of  the  company’s  stock.  If  Leucadia  does  start  a  hostile  takeover 
bid,  MCI  can  activate  its  “poison  pill.”  In  April  the  company  adopted  a  Shareholders 
Rights  Plan,  which  lets  MCI  make  common  stock  available  to  its  shareholders  at  a 
reduced  price  if  another  company  acquires  more  than  15%  of  MCI’s  stock. This  would 
make  the  acquisition  more  expensive  for  the  acquirer. 

HP  sacks  3  execs  after  weak  sales  quarter 

■  HP  fired  three  major  sales  executives  last  week,  including  former  server  group  head 
Peter  Blackmore,  in  a  management  shakeup  after  a  disappointing  quarter  for  HP’s  serv¬ 
er  division.  Blackmore  was  executive  vice  president  of  the  Customer  Solutions  Group, 
which  was  formed  last  December  to  manage  direct  sales  to  enterprise  and  public  sec¬ 
tor  customers  worldwide.  Jim  Milton,  CSG  senior  vice  president  and  managing  director 
of  the  Americas  region,  and  Kasper  Rorsted,  CSG  senior  vice  president  and  managing 
director  for  the  Europe,  Middle  East  and  Africa  region,  also  were  dismissed.  Chairman 
and  CEO  Carly  Fiorina  announced  the  changes  in  an  e-mail  to  HP’s  employees,  which 
was  then  sent  to  the  media.  HP’s  Enterprise  Servers  and  Storage  Group  suffered  through 
a  painful  second  quarter,  Fiorina  said  in  HP’s  second-quarter  earnings  conference  call. 
(See  more  on  HP’s  plans,  page  10.) 


“OK,  OK,  good  —  1  now  understand 
what  you  do  all  day.  Now  these  two 
guys  can  pack  everything  up  and 
ship  it  to  India.” 
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We  outsource  the  captions 

to  you  in  our  Weekly  Caption  Contest.  Follow  the  lead  of  our  latest 
winner,  Bob  Strusa,  by  sending  in  your  caption.  New  contests 
start  every  Monday  at  www.nwfusion.com/weblogs/layer8/ 


JllStiC6  Served.  A  San  Diego  company  called  D  Squared  Solutions  has 
managed  to  avoid  a  courtroom  joust  with  the  Federal  Trade  Commission  by  agreeing 
to  no  longer  send 
pop-up  ads  to 
consumer  PCs. 

What  were  they 
pitching? ...  A 
pop-up  blocker.  > 
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No  rest  for  the  wicked.  Turns  out  spammers  —  and  the  ISPs  that 
do  battle  with  them  —  are  weekend  warriors.  According  to  e-mail  marketers  Return 
Path,  the  bulk  of  spam  is  sent  between  10  a.m.  and  2  p.m.  on  Saturdays  and 
Sundays.  ISPs  respond  by  tightening  spam  filters  during  those  time  periods,  meaning 
messages  are  10%  less  likely  to  find  their  intended  in-box,  the  company  says. 

Fear  grips  Valley.  On  average,  18%  of  Americans  fear  losing  their  jobs, 
according  to  a  July  survey  by  staffing  firm  Hudson  Highland  Group.  In  Silicon  Valley, 
that  number  is  27%.  Guess  the  tech  recovery  has  a  ways  to  go  yet. 


Survey:  86%  of  spam  starts  in  U.S. 

■  Almost  86%  of  spam  sent  to  1 ,000  corporations  between  May  and  July  came  from  U.S. 
spammers,  according  to  a  survey  by  e-mail  security  tools  vendor  CipherTrust.  While  U.S. 
IP  addresses  made  up  only  28%  of  the  spam-sending  addresses  in  CipherTrust’s  survey, 
those  U.S.  addresses  sent  out  more  unsolicited  commercial  e-mail  than  spammers  from 
other  nations,  according  to  the  company.  In  contrast,  nearly  29%  of  the  IP  addresses 
sending  out  spam  during  the  three-month  survey  were  in  South  Korea,  while  only  3%  of 
the  spam  came  from  there. The  survey,  which  sampled  about  5  million  pieces  of  spam 
sent  to  1,000  CipherTrust  customers,  runs  counter  to  some  other  surveys  and  some  crit¬ 
ics  of  the  CAN-SPAM  law,  who  suggested  a  U.S.  law  would  have  a  limited  effect  because 
of  the  amount  of  spam  that  comes  from  outside  the  U.S. 

Teen  faces  jail  term  for  spreading  Blaster 

■  A19-year-old  pleaded  guilty  in  a  Minnesota  federal  court  on  last  week  to  spreading 
the  W32.Blaster-B  worm  over  the  Internet.  Jeffrey  Lee  Parson  of  Hopkins,  Minn., said  he 
was  responsible  for  creating  and  unleashing  the  worm,  which  affected  thousands  of 
computers  worldwide.  He  faces  one  count  of  intentionally  causing  or  attempting  to 
cause  damage  to  a  protected  computer  in  connection  with  the  release  of  the  worm. 
Parson  could  face  between  18  and  37  months  in  prison  and  pay  millions  of  dollars  in 
fines.  Sentencing  is  scheduled  for  Nov.  12.  Parson  was  tracked  down  last  year  by  a  joint 
federal  task  force  that  involved  members  of  the  FBI  and  the  Secret  Service. 


For  25  years,  we've  walked  the  line  between  next  and  now  to 
develop  innovative  telephony  and  contact  center  solutions  for 
some  of  the  largest  (and  smallest)  companies  in  North  America. 
Converged  and  pure  IP  telephony  networks  that  are  reliable, 
flexible  and  scalable  -  ideal  for  5  or  500,000  employees. 
Productivity  applications  like  unified  messaging  that  drive 
communication  from  anyone  to  anywhere  at  anytime.  Powerful 
contact  center  solutions  that  provide  the  flexibility  and 
structure  to  turn  a  customer  call  into  a  meaningful  connection. 

EADS  TELECOM.  DELIVERING  WHAT'S  NEXT. 

1-800-468-3945 

www.eadstelecom-na.com/next 
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Cisco  dampens 
growth  prospects 
despite  record  Q4 

■  BY  JIM  DUFFY 


The  holidays  might  be  a  little  less  bright  this  year  if  Ciscos  financial 
outlook  is  any  indication. 

The  company’s  “record-breaking”  fourth  quarter  was  tempered  by  a 
caution  going  forward  as  customers  rein  in  spending  on  network  equip¬ 
ment  because  of  a  weak  economy  and  election  year  uncertainty 

Cisco  recorded  the  highest  net  income  and  earnings  per  share  in  its 
history  for  the  fourth  quarter  that  ended  July  31,  but  the  company  gave 
a  downcast  preview  for  the  first  quarter  of  fiscal  2005,  citing  lessened 
optimism  and  decreased  spending  among  customers,  mainly  because 
of  macroeconomic  factors  such  as  the  gross  domestic  product  (GDP). 

“Whenever  the  GDP  increases  or  decreases,  there’s  a  corresponding 
[response]  in  capital  spending,” says  Cisco  CEO  John  Chambers. 

Chambers  says  Cisco  bases  its  own  guidance  on  that  of  its  customers. 
If  they  are  a  little  more  cautious  in  their  optimism  on  their  business 
prospects,  he  says,  so  is  Cisco. 

Cisco  expects  revenue  to  be  flat  to  up  only  2%  for  the  first  quarter  of 
fiscal  2005,  which  began  Aug.  1. That  falls  short  of  estimates  from  some 
analysts,  such  as  UBS  Warburg, 
which  forecasted  Cisco’s  revenue 
to  increase  3%  in  the  first  quarter. 

“Management  suggested  that 
corporations  have  become  a  bit 
more  cautious  from  a  quarter  ago, 
suggesting  a  more  moderate 
growth  outlook  than  when  Cisco 
entered  the  quarter,”  Nikos 
Theodosopoulos,  an  analyst  at 
UBS  Warburg,  wrote  in  a  bulletin. 

“Our  own  checks  with  networking 
industry  salespeople  also  suggest 
a  slowing  outlook  going  into  the 
second  half  of  the  year  than  a  few 
months  ago.” 

The  recent  indicators  of  a  slow¬ 
down  might  counter  analyst 
research  released  in  the  first  half 
of  this  year  that  generally  showed 
an  IT  spending  increase  of  5%  or 
more  by  companies  in  2004  over 
2003. 
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Despite  increased  sales, 
Cisco  has  concerns 
about  maintaining 
momentum. 
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“You  just  see  a  lot  of  projects  postponed”  because  of  the  economy 
says  Zeus  Kerravala,an  enterprise  analyst  for  Detwiler,  Mitchell,  Fenton 
&  Graves. “People  are  trying  to  get  a  better  handle  on  what  inventory 
they  have  and  how  to  make  the  stuff  that  they  have  work  better  vs.  buy¬ 
ing  new  stuff.” 

Kerravala  says  users  are  waiting  until  after  the  election  to  re-examine 
network  investments. 

“The  uncertainty  of  what  people  are  seeing  in  the  economy  right 
now,  and  an  election  coming  up,  has  just  made  people  a  lot  more  cau¬ 
tious,"  he  says.“It’s  safer  to  make  no  decision  than  a  wrong  decision.” 

Cisco  didn’t  make  many  wrong  decisions  in  the  fourth  quarter.  The 
company  recorded  net  sales  of  $5.9  billion, compared  with  $4.7  billion 
for  the  fourth  quarter  of  fiscal  2003,  an  increase  of  26%.  Revenue  was 
up  5.4%  from  the  third  quarter  of  fiscal  2004. 

Net  income,  excluding  certain  charges,  was  $1.5  billion,  or  21  cents 
per  share,  a  penny  better  than  the  20  cents  per  share  that  analysts 
expected. This  compares  with  net  income  of  $1.1  billion,  or  $0.15  per 
share,  for  the  fourth  quarter  of  fiscal  2003,  and  net  earnings  of  $1.4  bil¬ 
lion, or  $0.19  per  share,  for  the  third  quarter  of  fiscal  2004. 

For  the  year,  Cisco  posted  net  sales  of  $22.0  billion,  compared  with 
$18.9  billion  for  fiscal  2003, an  increase  of  16.8%. Pro  forma  net  income 
was  $5.3  billion, or  $0.76  per  share, compared  with  $4.3  billion,  or  $0.59 
per  share,  for  fiscal  2003.  ■ 


San  Jose  scandal  highlights 
issues  in  government  buying 


■  BY  PHIL  HOCHMUTH 

The  scandal  resulting 
from  collusion  between 
Cisco  and  the  city  of  San 
Jose  on  an  $8  million  VoIP 
installation  highlights  how 
the  rules  differ  for  IT  buy¬ 
ing  in  the  public  and  pri¬ 
vate  sectors. 

With  taxpayer  money  on 
the  line,  IT  executives  from 
local,  county  and  state  gov¬ 
ernments  are  under  a 
microscope  designed  to 
elicit  maximum  value  for 
their  constituencies  while 
avoiding  appearances  of 
back-room  dealings. 

A  report  released  last 
week  from  the  San  Jose  city 
auditor  showed  impropri¬ 
ety  in  the  city’s  selection  of 
Cisco  for  an  $8  million  con¬ 
verged  voice/data  network 
for  the  new  city  hall. The  auditor’s  report  found  that 
Cisco  helped  city  IT  staff  design  and  plan  the  net¬ 
work  even  before  the  contract  was  put  out  to  bid, 
and  that  only  network  integration  firms  that  resold 
only  Cisco  gear  were  allowed  to  bid. 

As  a  result,  the  contract  bidding  process  will  be 
restarted,  and  vendors  offering  competitive  tech¬ 
nologies  will  be  allowed  to  bid. This  could  result  in 
delays  for  the  $388  million  city  hall,  slated  to  open 
next  spring.  Last  week,  San  Jose  CIO  Wandzia  Grycz 
resigned  under  pressure. 

“The  other  issue”  was  that  “Cisco  had  been  inter¬ 
acting  with  our  staff  during  the  procurement 
process,”  which  violates  the  city’s  municipal  code, 
says  Edward  Shikada,  deputy  city  manager  city  of 
San  Jose. 

As  a  result  of  the  auditor’s  finding,  the  IT  staff  that 
communicated  with  Cisco  during  the  bidding 
process  will  not  be  allowed  to  work  on  the  conver¬ 
gence  project. 

Additionally  the  convergence  aspect  of  the  project 
created  more  legal  gray  areas, Shikada  says.  While  the 
city  had  moved  towards  formally  standardizing  on 
Cisco  data  gear,  he  says,  that  process  wasn’t  com¬ 
pleted, and  there  was  never  mention  of  making  Cisco 
a  standard  telephone  vendor.  The  city  has  codes  for 
data  and  voice  technology  pro¬ 
curement,  but  not  converged  voice 
and  data  from  the  same  vendor. 

IT  executives  from  state  and  local 
governments  say  that  keeping  the 
process  for  IT  contracts  open,  and 
defending  technology  choices 
through  research  and  testing,  are 
keys  to  the  balancing  act  of  run¬ 
ning  good  networks  and  maintain¬ 
ing  public  trust. 

“In  the  private  sector,  it’s  easy  to 
get  things  done  quickly  in  [IT]  ” 
says  Sheng  Guo,  CTO  for  the  New 
York  State  Unified  Court  System. 

“In  the  public  sector,  you  want  to 


be  fair  and  responsible  to  the 
taxpayers.” 

Contracts  for  most  large 
technology  projects  in  cities 
and  states  must  be  put  up  for 
bid  and  advertised  in  news¬ 
papers  or  government  publi¬ 
cations. 

“We  usually  have  to  pick  the 
lower-cost  bids,”  Guo  says.This 
bidding  process  also  can  be 
long,  he  says,  adding  that  “six 
months  is  a  miracle,  and  nine 
months  if  you’re  lucky”  is  to  be 
expected  to  go  from  bidding 
to  the  start  of  work.  “A  year  is 
not  unusual.” 

Standardizing  on  one  ven¬ 
dor’s  products  can  be  done 
when  the  right  case  is  made, 
other  IT  executives  say 
“You  have  to  be  careful  to 
show  that  there  is  a  business 
need  or  advantage  for  stan¬ 
dardization,”  says  one  execu¬ 
tive  from  a  midsize  city  that  uses  all  Cisco  switches 
and  routers.  “If  you  already  have  an  installed  infra¬ 
structure  with  a  certain  vendor,  it’s  easy  to  show  the 
advantages  of  standardizing,”  says  this  executive, 
who  asked  not  to  be  named. 

Guo  agrees  with  this  strategy 

“You  have  to  create  a  proposal  showing  that  [one 
vendor’s]  products  can  perform  better  at  a  lower 
cost  —  not  only  on  the  equipment  side,  but  in 
terms  of  staff  training  and  management,”  he  says. 
The  court  system  recently  standardized  on  Nortel 
switches  and  routers,  but  uses  some  Cisco  optical 
routing  equipment  for  connecting  courthouses 
over  long  distances. 

In  the  city  of  Burbank,  Calif.,  Extreme  Networks 
switches  are  the  standard,  and  Compaq  servers,  lap¬ 
tops  and  PCs  are  used  exclusively  in  city  offices  and 
server  rooms. 

“It’s  one  thing  if  I  do  my  homework  and  I  say’Given 
our  budget  and  our  resources,  [Compaq]  will  work 
best,’” says  Perry  Jarvis,  network  operations  manager 
for  the  city  of  Burbank.“But  Compaq  didn’t  come  in 
here  and  tell  us  what  type  of  PCs  and  servers  to  buy’ 

“Lots  of  people  buy  all  [single-vendor], but  the  key 
is  in  the  way  you  do  it,”  Jarvis  says.“If  you  evaluated 
five  products,  and  your  tests  come  up  with  one  as 
being  the  best,  that’s  how  you 
make  a  case  for  standardization.” 

In  the  case  of  San  Jose,  the  city 
already  had  an  end-to-end  Cisco 
network  for  routing  and  switching 
from  a  contract  Cisco  won  in  1997, 
City  Manager  Shikada  says. 

While  the  municipality  had 
explored  the  legal  aspects  of  mak¬ 
ing  Cisco  the  standard  data 
provider  for  the  city,  not  all  the 
legal  steps  were  made  to  allow 
that.  As  a  result,  the  city  still  was 
legally  required  to  look  at  multiple 
vendors  when  making  large  pur¬ 
chases  for  new  projects.  ■ 


II  In  the  private  sector, 
it’s  easy  to  get  things 
done  quickly  in  [IT],  In 
the  public  sector,  you 
want  to  be  fair  and 
responsible  to  the 
taxpayers.  11 

Sheng  Guo 

CTO,  State  of  New  York  Unified 
Court  System 


More  online! 


Read  more  about  the  red-tape  public 
sector  organizations,  and  even  some 
private  companies  are  spinning  when  it 
comes  to  buying  IT  gear. 

DocFinder:  3360 
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ProCurve  Networking  is  pleased  to  announce  the  marriage  of  two 
wonderful  words:  Affordable  Gigabit. 


ProCurve  Networking  by  HP.  Gigabit  is  better  when  it  works  at  the  edge  (not  just  the  core)  of  your  network.  It's  better  when  it  brings  impressive  network 
performance  to  your  gigabit-enabled  PCs,  notebooks  and  servers.  And  it's  better  still  when  it  virtually  eliminates  network  bottlenecks  and  congestion— and 
does  that  at  a  truly  extraordinary  price.  So  all  your  applications,  including  high-bandwidth  apps  like  video  and  CAD,  are  delivered  to  users  in  seconds, 
not  minutes— for  cents,  not  dollars.  ProCurve  Networking.  Secure.  Mobile.  Multiservice.  And  affordable. 


HP  ProCurve  SWITCHES: 
2800,  4100  AND  5300  SERIES 


•  Open  standards  enabling  interoperability 
and  ease  of  integration 

•  Flexibility  of  stackable  or  chassis 
configuration 

•  Lifetime  warranty* 

•  Low  cost  of  ownership 

•  Legendary  service  and  support 


CALL 

800-975-7684  Ref.#l 

Trade  in  a  current  switch  or  hub  and 
save  up  to  $400  on  a  new  HP  gigabit 
switch.  Call  or  click  to  learn  more. 

CLICK 

hp.tradeups.com/procurvepromo 

VISIT 

your  local  HP  reseller 

'For  as  long  as  you  own  the  product.  ©2004  Hewlett-Packard  Development  Company,  L.P. 
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Wireless  vendors  try  defining  MIMO 


m  BY  JOHN  COX 

Two  developments  last  week 
illustrate  the  growing  frenzy  of 
interest  in  adopting  a  radio  tech¬ 
nology  that  promises  to  boost 
wireless  LAN  throughput  from 
about  20M  bit/sec  today  to  at 
least  100M  bit/sec. 

First,  a  second  industry  group 
has  filed  a  proposal,  based  on  Wi¬ 
Fi  technology  called  Multiple 
Input  Multiple  Output  (MIMO), 
with  the  IEEE  task  group  charged 
with  creating  a  100M  bit/sec 
WLAN  standard. 

Not  waiting  for  that  standard, 
wireless  vendor  Belkin  unveiled 
what  are  likely  to  be  the  first  avail¬ 
able  MIMO-based  WLAN  prod¬ 
ucts,  with  throughput  of  40M  to 
nearly  100M  bit/sec. 

Last  Friday  was  the  deadline  for 
proposals  to  the  IEEE  802.1  In 
group  charged  with  defining  the 
physical  layer  standard  that  will 
make  the  high-throughput  WLAN 
possible.  Sixty-two  “intent  to  pre¬ 
sent"  notices  were  filed,  although 
some  of  those  were  for  multiple 
proposals  from  the  same  vendors. 

Some  observers  expect  a  first 
draft  by  mid-2005,with  a  final  stan¬ 
dard  in  late  2006  or  early  2007. 
Products  likely  would  emerge 
soon  thereafter. 

MIMO  has  emerged  as  the  most 
likely  way  to  dramatically  boost 
WLAN  throughput.  It  uses  two  or 
more  antennas  to  transmit  and 
receive  data  that  is  sent  over  mul¬ 
tiple  pathways  on  a  single  chan¬ 
nel,  multiplying  the  channel’s 
data  capacity 

Last  week,  World-wide  Spec¬ 
trum  Efficiency  (WW1SE)  out¬ 
lined  a  MIMO  plan  it  submitted  to 
the  IEEE.  The  vendor  group  pro¬ 
poses,  as  the  mandatory  part  of 
an  802.1  In  standard,  using  the 
existing  20-MHz  channel  struc¬ 
ture  that  is  almost  universally 
adopted,  two  MIMO  antennas  on 
either  end  of  the  link  and  media 
access  control  layer  changes  to 
boost  the  throughput  on  a  single 
channel  to  135M  bit/sec. 


■  The  story  “The  weather¬ 
man's  WAN  man"  (July  26, 
page  48)  should  have  said  that 
one  of  NOAA's  tasks  is  to  moni¬ 
tor  carbon  dioxide.  The  global 
projection  system  is  called 
Science  on  a  Sphere. 


WWISE  members  are  silicon 
vendors,  including  Airgo,  Bermai, 
Broadcom,  Conexant  Systems, 
STMicroelectronics  and  Texas 
Instruments.  Airgo  is  the  only  ven¬ 
dor  to  ship  a  MIMO  chipset. 

Last  month,  another  vendor 
group,  TgnSync,  with  Agere,  Ath- 
eros,  Intel,  Sony  and  several  oth¬ 
ers,  unveiled  their  own  802.1  In 
proposal  (see  www.nwfusion. 
com,  DocFinder:  3354). 

Belkin  decided  not  to  wait  for 
the  802.1  In  standard  to  be  final¬ 
ized.  Last  week,  the  vendor  an¬ 
nounced  it  will  ship  in  October 
the  Wireless  Pre-N  Router  and  the 
Wireless  Pre-N  Notebook  Network 
Card,  both  based  on  Airgo’s  MIMO 
chipset  and  aimed  at  consumer 
and  small-business  markets. 

Belkin  says  its  tests  show  the 


new  products  deliver  much  high¬ 
er  throughput  at  longer  distances 
compared  with  802. 1  lg  access 
points.  At  30  feet,  the  802.1  lg  ac¬ 
cess  points  delivered  15M  to  just 
less  than  20M  bit/sec.  The  Belkin 
MIMO  router  showed  nearly  40M 
bit/sec,  the  company  says.  At 
about  130  feet,  the  802.1  lg  prod¬ 
ucts  dropped  to  1M  to  6M  bit/sec, 
most  at  less  than  5M  bit/sec.  The 
MIMO  router  dropped  also,  but  to 
about  27M  bit/sec,  Belkin  says. 

Prices  will  be  more  expensive 
than  Belkin’s  current  802.1  lg 
products,  a  Belkin  spokeswoman 
says.  The  price  for  the  MIMO 
router  will  be  $179,  and  the  note¬ 
book  adapter  will  be  priced  at 
$129.  By  contrast,  the  Belkin 
802.1  lg  Wireless  DSL/Cable  Gate¬ 
way  Router  costs  $90.  ■ 


The  MIMO  clash 

Two  vendor  groups  offer  proposals  to  IEEE  802.11n  task 
group  for  next-generation  WLAN  standard. 

The  goal:  Boost  WLAN  throughput  to  at  least  100M  bit/sec. 
Leading  technology:  MIMO. 

How  it  works:Two  or  more  transmitting/receiving  antennas, 
sending  data  over  multiple  paths  on  a  single  channel. 


Group: 

TgnSync 

World-wide  Spectrum 
Efficiency  (WWISE) 

Members: 

Agere,  Atheros,  Intel, 
Nokia,  Sony,  others 

Airgo,  Bermai, 

Broadcom,  Conexant, 
STMicroelectronics 

The  basics: 

Targeting  250M  bit/sec, 
40MHz  channel 

Targeting  135M  bit/sec, 
20MHz  channel 

Differences:  Channel  size,  mandatory  throughput  rate,  intellectual 
property  terms. 


HP  focuses  on  enhanced  virtualization 


■  BY  JENNIFER  MEARS 

Troubled  by  its  underperforming  storage  and  server  systems  business, 
HP  plans  this  week  to  unveil  new  server  virtualization  capabilities  and 
an  updated  Unix  operating  system  that  it  says  will  boost  performance 
and  make  it  easier  for  users  to  move  to  its  Intel  Itanium  line  of  servers. 

HP  plans  to  use  its  HP  World  user  conference  in  Chicago  to  highlight 
the  new  technologies,  which  bring  Unix  virtualization  and  management 
features  to  its  Itanium  servers.  HP  has  announced  plans  to  phase  out  its 
PA-Risc  and  Alpha  servers  and  standardize  on  the  Intel  platform. 

The  server  news  comes  a  week  after  HP  announced  its  third-quarter 
results  showing  increased  revenue  but  disappointing  performance  in  its 
Enterprise  Servers  and  Storage  Group.  Chairman  and  CEO  Carly  Fiorina 
estimated  that  issues  affecting  the  servers  and  storage  group  cost  the 
company  $400  million  in  revenue  and  $275  million  in  operating  profit. 

Fiorina  said  three  issues  have  dogged  the  server  and  storage  group 
during  the  quarter:  a  less-than-smooth  migration  to  a  new  order  and 


HP  World  doings 

More  than  7,000  customers  and  partners  are  expected 

to  attend  HP  World  where  HP  will  unveil  updates  to  its 

server  and  storage  offerings  that  will  be  rolled  out  over 

the  next  12  months.  Among  them: 

•  HP-UX  inversion  2,  which  will  run  on  both  PA-Risc  and  Itanium- 
based  servers. 

•  HP  Global  Workload  Manager,  enabling  automatic  resource 
allocation  across  multiple  servers  running  HP-UX  or  Linux. 

•  HP  Integrity  Virtual  Machine,  which  will  let  users  partition  Unix 
and  Linux  servers  into  as  little  as  1/20th  of  a  CPU  and  have  virtual 
machines  share  I/O  resources. 

•  HP  Serviceguard,  enhanced  to  reduce  failover  time  to  5  seconds. 

•  Secure  Resource  Partitions,  giving  users  the  ability  to  run  multiple 
applications  under  a  single  operating  system  image. 

•  HP-UX  Virtual  Partitions  for  HP  Integrity  servers,  bringing  vPar 
capabilities  from  PA-Risc  servers  to  Itanium  systems. 

•  HP  StorageWorks  EVA3000  Starter  Kit,  a  2G  byte  Fibre  Channel 
storage-area  network  bundle  to  ease  SAN  implementations. 


supply-chain  management  system  in  the  U.S.,  aggressive  discounting 
and  poor  channel  management  in  Europe,  and  significantly  lower-than- 
expected  storage  revenue. 

Several  sales  executives  were  let  go  as  a  result,  including  former 
server  group  chief  Peter  Blackmore,who  was  executive  vice  president 
of  HP’s  Customer  Solutions  Group. 

HP  intends  to  invigorate  its  server  business  this  week  with  announce¬ 
ments  including  updates  to  HP-UX  is  support  for  PA-Risc-based  HP  9000 
servers,  meaning  that  a  single  operating  system  can  run  across  both  the 
HP  9000  and  Integrity  servers.  In  addition  to  providing  an  improvement 
in  performance  of  up  to  25%  for  users  upgrading  from  HP-UX  Hi 
Version  l.the  updated  operating  system  will  enable  common  adminis¬ 
tration  across  HP  9000  and  Integrity  servers,  and  will  maintain  source 
and  data  compatibility  when  moving  to  the  Itanium  systems. 

Further,  HP’s  high-availability  software,  Serviceguard,  running  on  HP- 
UX  1  li  Version  2  will  let  users  group  HP  9000  and  Integrity  servers  into 
one  cluster. 

“HP  is  moving  towards  parity  with  the  Integrity  line  and  the  PA-Risc 
line,” says  Jonathan  Eunice, president  and  principal  analyst  at  Illuminata. 
“They’re  in  this  transitional  period  between  the  two  platforms,  and  [the 
update  brings]  97%  or  98%  equivalency  so  essentially  all  the  important 
things  you’ll  need  to  migrate  between  the  machines  will  be  there.” 

In  addition,  the  company  plans  to  announce  updates  to  its  Virtual 
Server  Environment  (VSE),a  virtualization  toolkit  based  on  its  HP-UX 
workload  manager  that  gives  users  the  ability  to  pool  resources  that 
can  grow  and  shrink  according  to  application  demands.  One 
announcement  this  week  will  be  that  VSE  will  run  on  multiple  operat¬ 
ing  systems,  meaning  that  the  virtualization  features  previously  avail¬ 
able  only  on  HP-UX  now  will  run  on  Linux. 

HP  also  plans  to  announce  a  final  update  to  its  Alpha  line  of  servers, 
which  it  plans  to  stop  selling  in  2006.  Faster  processors  will  be  available 
for  the  AlphaServer  ES47  system,  which  scales  to  two  processors,  the 
AlphaServer  ES80  system,  which  scales  to  eight  processors,  and  the 
GS1280  system,  which  scales  to  64  processors.  HP  executives  say  cus¬ 
tomers  will  get  faster  systems  for  the  same  price  as  today’s  boxes. 

Some  users,  however,  are  moving  to  the  Integrity  servers  now. 

BECU,a  credit  union  in  Tukwila, Wash. .recently  completed  the  move 
from  Alpha  Tru64  systems  running  Oracle  to  a  cluster  of  Integrity  boxes. 
Scott  Wolfe,  IT  enterprise  architect  for  BECU.says  the  initial  transition 
was  tough  because  of  the  need  to  get  up  to  speed  with  HP-UX,  but  the 
credit  union  already  is  seeing  benefits. 

“We’ve  been  able  to  reduce  our  runtime  for  batch  processes  by  about 
40%, "he  says.H 


y 
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Consider  the  dots  connected.  The  end-to-end  voice  over  IP  solution  we  designed 
for  Crate  and  Barrel  features  a  unified  IP  messaging  platform  and  the  most  advanced 
hardware  available.  The  new  system  will  save  them  a  bundle  on  maintenance,  management 
and  wiring,  while  easing  the  cost  and  complexity  of  adding  features  or  employees.  And 
it's  already  improving  productivity,  helping  over  400  associates  make  millions  of  customers 
feel  right  at  home.  To  find  out  more,  go  to  sbc.com/dots.  GOING  BEYOND  THE  CALL.* 
T  -j«  SBC  ■;$>  z:4  GOING  BEYOND  THE  CALL  3K  registered  trademarks  of  SBC  Knowledge  Ventures,  L.F.  amt'or  its  affiliates.  ©2004  SBC  Knowledge  Ventures,  L  F.  Ail  rights  reserved. 
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Oracle 

boosts 

business 

apps 

SS  BY  ANN  BEDNARZ 

Oracle  this  week  is  expected  to 
unveil  new  versions  of  its  CRM 
applications  designed  to  enable 
easier  and  tighter  collaboration 
among  the  players  involved  in  a 
corporate  sales  cycle,  from  field 
agents  and  marketing  personnel 
to  fulfillment  teams  and  channel 
partners. 

One  new  element  among  the 
CRM  modules  in  Oracle’s 
E-Business  Suite  lli.  10  is  analyti¬ 
cal  software  called  Audience 
Workbench.  With  it,  a  marketing 
manager  can  query  customer  in¬ 
formation  repositories  to  find  the 
most  promising  up-sell  targets 
and  develop  associated  market¬ 
ing  campaigns.  Then  as  market¬ 
ing  hands  off  promising  leads  to 
sales  personnel,  Workbench  pro¬ 
vides  tools  to  create  tailored 
sales  proposals. 

Also  new  to  the  suite  is  Oracle 
Sales  Coach,  which  leads  sales 
representatives  through  corpo¬ 
rate-approved  steps  to  close  a 
deal,  providing  collateral  materi¬ 
als  and  automatically  capturing 
data  for  future  sales  documents. 

On  the  integration  front,  Oracle 
embedded  its  incentive  compen¬ 
sation  software  within  its  quoting 
application  so  reps  can  see  early 
in  the  sales  quoting  process  how 
particular  product  offerings  and 
discounts  would  affect  their  pro¬ 
jected  compensation. 

These  upgrades  come  as  the 
CRM  industry  struggles  to  regain 
some  of  its  lost  luster.  After  three 
years  of  declining  license  rev¬ 
enue,  the  CRM  software  market  is 
expected  to  grow  by  3.5%  this 
year  to  $2.4  billion,  Gartner  says. 

1DC  says  Oracle’s  share  of  world¬ 
wide  CRM  application  revenue  is 
4.4%;  it  trails  Siebel  Systems 
(11.9%)  and  SAP  (6.7%).  How¬ 
ever,  Oracle  has  come  a  long  way 
toward  closing  the  technology 
gap  between  its  wares  and  com¬ 
peting  products,  says  Ian  Jacobs, 
an  analyst  at  Current  Analysis. 

Oracle’s  business  process-dri¬ 
ven  approach,  which  links  CRM 
functionality  with  other  elements 
of  its  E-Business  Suite,  is  a  good 
one,  Jacobs  says.  “In  salesforce 
automation,  it  makes  great  sense 
to  have  strong  contracts  and 
order  management  modules  tied 
into  the  CRM  piece."B 


Alcatel  switches  gain  security  support 


Alcatel  is  adding  IDS  and  anti-virus  capabilites  to  its  OmniSwitch  product 
lines. 


D  BY  PHIL  HOCHMUTH 

Alcatel  this  week  is  expected  to 
enter  the  fray  of  switch  vendors 
looking  to  help  users  block  vi¬ 
ruses  and  network  attacks. 

On  tap  is  a  new  Host  Integrity 
Check  software  bundle  from 
Alcatel  and  Sygate  that  can  be 
used  to  check  the  security  of 
PCs  and  can  quarantine  virus- 
infected  clients  into  a  secure  net¬ 
work  segment. 

Alcatel  also  is  releasing  Auto¬ 
mated  Quarantine  Engine,  which 
works  with  intrusion-detection 
system  (IDS)  products  to  identify 
network  threats  and  to  shut  off  or 
contain  a  network  attack  through 
switch  hardware. 

Alcatel’s  stackable  OmniStack 
6600  switches  and  its  modular 
7700-  and  8800-series  products 
will  use  a  combination  of  802.  IX 
authentication  technology  and 
APIs  from  Sygate  to  block  a  virus- 
infected  PC  from  accessing  a  cor¬ 
porate  LAN.This  product  package 
requires  Sygate’s  Host  Integrity 
Server,  and  anti-virus  and  client 
management  software  from  Net¬ 
work  Associates,  Symantec  or 
Trend  Micro  on  the  client  side. 

When  an  end  user  logs  on,  infor¬ 
mation  about  the  PC  is  sent  to  a 
Sygate  server,  which  checks  anti¬ 
virus  data  profiles  produced  by 


client  software  on  the  PC.  If  end 
users  are  not  up  to  date,  they  can 
be  sent  to  a  quarantine  virtual 
LAN  (VLAN)  segment,  which 
must  be  pre-configured  on  the 
Alcatel  switches. 

This  technology  is  installed  at 
Abilene  Christian  University  in 
Texas,  where  it  will  be  put  to  the 
test  next  week  when  students 
return  for  the  fall  semester. 

“The  Blaster  virus  really  rocked 
our  world  in  the  first  few  days  last 
fall  when  kids  returned  to  school,” 
says  Bob  Neville,  network  director 
at  the  university  He  says  he  and 
his  staff  spent  days  running 
around  campus,  physically  track¬ 
ing  down  students  with  infected 


machines  and  disconnecting 
them  from  the  network. 

Judging  from  tests  he’s  con¬ 
ducted  on  campus,  the  Alcatel 
products  “will  give  us  some  time 
to  deal  with  network  [viruses] 
and  intrusions  before  they  prolif¬ 
erate  and  minimize  the  damage,” 
he  says. 

Under  the  system  Neville  has 
set  up,  users  with  infected 
machines  would  be  notified  of 
their  infected  status  via  a  Web 
page  message.  The  users  then 
would  be  sent  to  a  quarantine 
VLAN  segment  where  they  are 
kept  from  spreading  the  virus.This 
network  segment  also  will  host  a 
virus  and  software  patch  server 


where  users  can  get  updated  anti¬ 
virus  definitions  and  have  their 
machines  scrubbed  before  get¬ 
ting  back  on  the  network. 

Alcatel’s  Automated  Quarantine 
Engine  adds  the  ability  to  enforce 
polices  on  network  switches 
based  on  information  gathered 
by  third-party  IDS  equipment.The 
server-based  software  can  com¬ 
municate  with  IDS  products  from 
Fortinet,  and  open  source 
SNORTJDS  servers  and  appli¬ 
ances,  to  identify  network  attacks 
and  shut  down  the  source  of  the 
attacks.  When  an  IDS  node  senses 
an  attack,  Automated  Quarantine 
Engine  is  notified  and  tells  Alca¬ 
tel  switches  to  react,  based  on 
pre-configured  policies.  Access 
control  lists  can  be  turned  on  to 
block  the  traffic,  or  to  isolate  traf¬ 
fic  into  separate  VLANs.  Auto¬ 
mated  Quarantine  Engine  also 
can  tell  switches  to  shut  down 
network  access  based  on  IP  ad¬ 
dress  or  media  access  control  ad¬ 
dress  information  on  the  attack¬ 
ing  machine,  Alcatel  says. 

The  Alcatel  products  come 
after  recent  announcements  of 
similar  capabilities  from  Entera- 
sys  Networks  and  Cisco.  Entera- 
sys’  Trusted  End  System  technol¬ 
ogy  also  uses  Sygate  products  to 
identify  untrusted  endpoints  via 
802.  IX  messaging.lt  also  includes 
server  software  for  creating  poli¬ 
cies  to  deal  with  unsecure  clients 
by  shutting  down  access  on 
Matrix  LAN  switches,  or  shunting 
traffic  to  secure  VLANs. 

Cisco’s  Network  Admission 
Control  program  uses  software 
from  leading  anti-virus  vendors  to 
inspect  client  PCs.  This  lets  a 
Cisco  router  with  a  special  IOS 
load  deny  network  access  to 
unsecure  clients.  Cisco  plans  to 
announce  the  ability  to  quaran¬ 
tine  untrusted  clients  via  802.  IX 
and  secure  VLANs  on  its  Catalyst 
switches  in  2005. 

The  Host  Integrity  Check  sup¬ 
ports  Windows  2000  and  XP 
clients,  and  will  support  Apple 
Macintosh  and  Linux  clients  next 
year.  No  additional  hardware  or 
software  from  Alcatel  is  needed, 
but  Sygate’s  Host  Integrity  server, 
which  costs  $35  to  $85  per  seat,  is 
required. 

Pricing  for  Automated  Quaran¬ 
tine  Engine  starts  at  $8,000  for 
midsize  companies  of  around 
500  to  1,000  users.  The  FortiGate 
products  Alcatel  will  offer  will 
range  from  $700  for  small  offices 
to  $30,000  for  an  enterprise-class 
FortiGate  3600  system.  ■ 


McAfee  upgrades  security 
management  software 


■  BY  ELLEN  MESSMER 

McAfee  next  week  plans  to  ship  an  updated  ver¬ 
sion  of  its  anti-virus  management  product,  eFblicy 
Orchestrator,that  adds  capabilities  such  as  intrusion- 
prevention  management  and  rogue-computer 
detection. 

Using  ePO  3.5,  security  managers  will  be  able  to 
deploy  McAfee’s  host-based  intrusion-prevention 
system  (IPS)  Entercept  out  to  desktops  and  servers, 
and  receive  event  information  on  attacks. 

“Tire  ePO  will  have  the  ability  to  generate  reports 
related  to  Entercept,  but  the  ability  to  do  configura¬ 
tion  changes  on  Entercept  won’t  be  until  the  future,” 
says  Steve  Crutchfield,  McAfee’s  director  of  product 
marketing. 

McAfee  is  aiming  to  transform  ePO, which  includes 
a  console, server  and  desktop  agents,  into  more  than 
an  anti-virus  and  IPS  management  tool. 

For  instance,  ePO  3.5  will  be  able  to  do  “rogue-sys¬ 
tem  detection”  on  the  network  to  find  PCs  that  may 
not  yet  have  been  placed  under  ePO  management 
control,”  Crutchfield  says. 

The  updated  version  also  will  be  able  to  check 


Windows-based  desktops  and  servers  to  determine 
whether  they  have  updated  software  patches. 
However,  ePO  is  not  designed  to  apply  patches,  only 
alert  managers  about  patch  status. 

Halifax  Bank  in  Scotland  intends  to  use  ePO’s 
rogue-system  detection  and  patch-detection  capa¬ 
bilities  to  locate  computers  on  its  network  that 
might  not  be  abiding  by  security  policies.  By  finding 
non-compliant  systems  and  potential  vulnerabilities 
using  ePO  3.5,  the  bank  might  be  able  to  prevent 
costly  business  disruptions  caused  by  worms  and 
other  attacks,  says  Richard  Fry  the  bank’s  malware 
defense  technical  specialist. 

The  ePO  management  umbrella  is  widening  in 
other  ways.  According  to  Crutchfield,  ePO  now  will 
be  able  to  import  information  about  new  computers 
and  users  from  Microsoft  Active  Directory  Although 
ePO  had  been  limited  to  managing  NetWare-  and 
Windows-based  anti-virus  software,  the  updated 
console  now  will  be  able  to  manage  McAfee’s  anti¬ 
virus  products  for  Linux  and  Macintosh. 

Pricing  for  ePO,  which  comes  as  part  of  the  McAfee 
Active  VirusScan  software  suite, starts  at  $38  per  user 
for  up  to  100  users.  ■ 
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With  a  wide  variety  of  leading  brands,  fast  shipping  and  knowledgeable  account  managers,  at  CDW  you'll 
find  people  who  are  dedicated  to  getting  you  the  right  technology  for  your  need-when  you  need  it. 
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Intel®  PRO/IOOO  MT  Quad  Port 
Server  Adapter 


1  Access  multiple  network  segments,  conserve 
valuable  PCI  slot  space  in  servers  and  migrate 
existing  Category-5  networks  to  Gigabit 
1  Enhance  server  performance  further  by  teaming 
connections  on  this  adapter  with  each  other, 
with  connections  on  other  Intel  PRO  Server 
Adapters  or  with  LAN-on-motherboard  components 
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$479 
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3Com  SuperStack  3  Switch  3870 


First  Gigabit  to  the  desktop  switch 
Investment  protection-1 0/1 00/1 000/1 0G 
Convergence  ready-automatic  prioritization 
of  voice  packets 

Up  to  25%  discount  on  trade  ups 


$3999 


CDW  644952 
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hp  procurve  switch  2824 


•  Cost-effective  Gigabit  ideal  for  medium  to  large 
networks 

•  Gigabit  LAN  performance  enables  full  performance 
advantage  of  existing  Gigabit-enabled  PCs, 
notebooks  and  servers 

Includes  HP  ProCurve  Manager  providing  the  ability 
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to  effectively  administer  and  manage  a  broad  " 


THE  RIGHT  TECHNOLOGY.  RIGHT  AWAY.  "  ^  CDW.com  •  800.399.4C 

In  Canada  call  800.387.21 73  •  CDW.ca 
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'Save  with  HP  ProCurve  Trade-in  Rebate  Get  up  to  $5200  per  product  returned  via  mail  in  manufacturer  rebate  with  purchase  of  qualifying  HP  ProCurve  Switch  products  offer  ends  10/31/04.  Valid  on  CDW  385165,  391627,  530935,  530458.  55771 1.  558523,  558524.  385164  Custor  ..  r,v  •:  CDW  is  ot  *he  manufacturer  of 
the  products  purchased  by  customer  hereunder  and  the  only  warranties  offered  are  those  of  the  manufacturer,  not  CDW  All  pricing  ts  subject  to  change.  CDW  reserves  the  right  to  make  adjustments  to  pnong.  products  and  service  offerings  for  reasons  including,  but  not  limited  to,  chang  g  r  "k.  cnv  • -  oduct  dtscontmuadon,  product 

unavailability,  manufacturer  price  changes  and  errors  in  advertisements.  All  orders  are  subject  to  product  availability  Therefore,  CDW  cannot  guarantee  that  it  will  be  able  to  fulfill  customer  s  orders.  The  terms  and  conditions  of  sale  are  limited  to  those  contained  herein  and  on  CDW's  Web  Sue  •_  Moi  ce  of  objection  to  and  rejection 
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Stopping  automatic  installation 

Microsoft  is  offering  options  for  blocking  automatic  installation  of  Windows  XP  SP2.  The 
block  is  effective  until  Dec.  14. 


Options 

What  is  it? 

How  it  works 

Active  Directory 

A  template  for  Active  Directory  Group 
Policy  that  fosters  disabling,  then  re¬ 
enabling  delivery  of  XP  SP2. 

Admins  target  a  set  of  desktops;  Group 
Policy  mechanism  automatically  configures 
target  systems. 

Executable  file 

A  small  program  that  accepts  one  of 
two  command-line  options  (disable 
and  enable). 

Executable  creates  new  registry  key  that 
controls  ability  to  deliver  XP  SP2  to  a  system. 

E-mail 

Link  sent  through  e-mail  to  desktops. 

User  clicks  on  link  to  install  executable.  User 
must  have  administrative  rights. 

Microsoft 

continued  from  page  1 

Automatic  Updates  from  down¬ 
loading  XP  SP2,  and  a  group  of 
three  mechanisms  for  delivering 
the  key  to  desktops  (see  graphic, 
right). 

Now  users  have  load  the  registry 
key  onto  desktops  before  Auto¬ 
matic  Updates  kicks  off  this  week 
and  begins  deploying  XP  SP2. 

“It  has  been  confusing  in  the 
sense  that  when  Microsoft  first 
announced  its  intentions  of 
pushing  out  SP2  to  Automatic 
Updates-enabled  computers,  it 
did  not  announce  that  it  would 
provide  tools  to  temporarily 
block  delivery  of  SP2,”says  Chris 
Shilt,  system  administrator  for 
The  Relizon  Company  a  docu¬ 
ment,  marketing  and  billing  ser¬ 
vice  provider  in  Dayton,  Ohio.  He 
has  2,000  desktops  with 
Automatic  Updates  activated. 

“Microsoft  should  have  made 
the  announcement  earlier,”  Shilt 
says.  “The  decision  to  post  these 


tools  is  a  realization  that  some  of 
their  customers  are  using  Auto¬ 
matic  Updates  to  patch  systems.” 

Company  officials  acknowl¬ 
edge  they  were  caught  off  guard. 

“I  was  astounded  by  the  num¬ 
ber  of  companies  that  use  [Auto¬ 
matic  Updates] ,  which  is  great,” 
says  Barry  Goffe,  group  product 
manager  for  Windows  product 
marketing  at  Microsoft. The  com¬ 


pany’s  “Protect  Your  PC”  cam¬ 
paign  encourages  users  to  acti¬ 
vate  Automatic  Updates.  “Some 
companies  had  tens  of  thou¬ 
sands  of  machines  with  [Auto¬ 
matic  Updates]  turned  on.” 

A  recent  survey  by  Web  site 
NTBugTraq  shows  that  24%  of 
Windows  users  employ  Auto¬ 
matic  Updates  to  get  patches. 

Relizon’s  Shilt  decided  to  use 
Automatic  Updates  as  an  interim 
step  as  the  company  completed 
deploying  System  Management 
Server  (SMS)  2003,  which  man¬ 
ages  patch  deployments  among 
other  features.  He  favored  Auto¬ 
matic  Updates  because  he  lacked 
the  resources  to  deploy  a  server 
running  Windows  Server  2003 
with  a  free  add-on  called  System 
Update  Services  (SUS).  The  add¬ 
on  sits  behind  a  firewall  and  auto¬ 
mates  the  acquisition  of  patches 
and  manages  deployment  inter¬ 
nally  using  Automatic  Updates. 

But  patch  management  tools 
such  as  SUS  and  SMS  or  similar 
tools  from  third-party  vendors 
aren’t  failsafe  because  many  com¬ 
panies  have  handfuls  of  remote 
sites  or  mobile  users  that  fall  back 
on  Automatic  Updates.  The  only 
way  to  ensure  XP  SP2  isn’t 
installed  by  end  users  is  to  deny 
them  administrative  rights  on 
their  own  PCs,  which  administra¬ 
tors  do. 

“We  have  some  users  with  un¬ 
managed  desktops  so  now  1  can 
use  these  new  tools  to  make  sure 
they  don’t  get  the  XP  service 
pack,”  says  Jeff  Allred,  manager  of 
network  services  for  the  Duke 
University  Cancer  Center  in  Dur¬ 
ham,  N.C.  “But  didn’t  we  hear 
when  XP  originally  shipped  that 
there  would  be  no  more  [operat¬ 
ing  system]  code  in  service 
packs?  I  guess  that  has  gone  by 
the  wayside.” 

In  addition,  as  recently  as  Dec¬ 
ember  Microsoft  said  it  would 
not  deliver  service  packs  using 
Automatic  Updates.  But  the  com¬ 
pany  abandoned  that  rule  “fairly 


recently”  for  XP  SP2,  Microsoft’s 
Goffe  says.  He  says  Microsoft  pre¬ 
ferred  to  focus  on  giving  con¬ 
sumers  the  easiest  possible  route 
to  acquire  the  security  enhance¬ 
ments  in  XP  SP2. 

“Because  of  the  value  in  secur¬ 
ing  customers  we  thought  it  was 
key  to  use  any  means  possible  to 
get  this  out,”  says  Goffe,  who  ad¬ 
ded  that  delivering  critical  up¬ 
dates  via  service  packs  will  not 
be  the  strategy  in  the  future.The 
challenge  was  to  find  the  right 
balance  and  do  the  right  thing 
for  consumers  and  for  enterprise 
customers.” 

Goffe  did  not  have  a  break¬ 
down  of  how  many  of  the 
roughly  200  million  XP  desktops 
in  corporate  settings. 

Those  caught  in  the  crossfire 
can  use  Active  Directory  log-on 
scripts  or  e-mail  to  distribute  a 
new  registry  key  to  users.The  key 
which  goes  by  the  value  name 
“DoNotAllowXPSP2,”has  a  toggle 
that  determines  if  the  machines 
will  accept  the  XP  SP2  download 
through  Automatic  Updates.  The 
registry  key  won’t  prevent  Auto¬ 
matic  Updates  from  download¬ 
ing  any  other  updates  or  patches. 

Microsoft  will  configure  its  Win¬ 
dows  Update  Web  site,  the  online 
patch  repository  used  by  Auto¬ 
matic  Updates,  to  recognize  the 
registry  key  for  120  days.  After 
that,  Windows  Update  will  be 
configured  to  deliver  the  service 
pack  to  all  Automatic  Updates- 
enabled  machines. 

“When  you  think  about  it,  it 
really  is  insane  for  Microsoft  to 
put  something  the  magnitude  of 
XP  SP2  out  as  an  automatic  up¬ 
date,”  says  John  Kretz,  president 
of  Enlightened  Pbint  Consulting 
Group,  a  systems  integrator  in 
Phoenix.  “Companies  should  al¬ 
ways  be  in  control  of  something 
of  this  magnitude.’’* 
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EBay  taps  WholeSecurity 
to  fend  off  phishers 

■  BY  CARA  GARRETSON 

WholeSecurity  has  struck  a  deal  to  help  protect  eBay’s  customers 
from  phishing  scams. 

The  online  auction  giant  is  licensing  WholeSecurity’s  Web  Caller-ID 
software,  which  detects  spoofed  sites.  EBay  will  include  Web  Caller-ID 
in  the  Account  Guard  feature  of  the  eBay  Toolbar  that  stays  resident  in 
users’  browsers,  alerting  them  whenever  they  visit  a  site  purporting  to 
be  eBay  or  its  online  payment  subsidiary  PayPal. 

Employing  technology  to  identify  phishing  threats  is  just  one  way  the 
industry  should  attack  the  problem, says  Howard  Schmidt,  eBay’s  chief 
information  security  officer  and  former  White  House  cybersecurity 
adviser.“Like  with  any  other  threats,  we’re  looking  at  what  are  the  tech¬ 
nical  things  we  can  throw  at  it  or  change  to  make  [e-commerce]  more 
secure,”  he  says. 

Web  Caller-ID  analyzes  each  Web  page  that  an  eBay  Toolbar  user  vis¬ 
its  implementing  its  “behavioral  detection”  method,  searching  for  signs 
of  spoofing, such  as  a  long  and  convoluted  URL  or  a  recently  registered 
DNS,  says  Scott  Olson,  senior  vice  president  of  marketing  with 
WholeSecurity  When  it  detects  a  spoofed  site,  the  software  blocks  the 
user  from  the  site,  produces  a  pop-up  window  explaining  that  the  site 
is  fraudulent  and  reports  the  site  to  eBay 

Unlike  other  anti-phishing  offerings,  such  as  Brightmail’s  anti-fraud 
service  that  scans  incoming  e-mail  for  links  to  known  spoofed  sites, 
Web  Caller-ID  works  within  the  browser  to  identify  fraudulent  sites.'The 
browser  is  where  the  harm  is  done,"  Olson  says.  Users  don’t  even  have 
to  enter  information  into  a  spoofed  site  to  be  harmed, he  adds, because 
many  sites  automatically  download  malicious  code  to  an  unsuspect¬ 
ing  visitor’s  PC  and  launch  a  virus  or  record  the  user’s  keystrokes. 

WholeSecurity  is  making  Web  Caller-ID  available  exclusively  through 
licensing  agreements.  ■ 


■  Will  phishing  end  e-mail  as  merchants  know  it?  Don't  be 
too  confident  that  the  answer  is  no,  says  Net  Buzz  columnist 
Paul  McNamara.  PAGE  54. 


When  taking  your  company  wireless,  foresight  is  20/20. 


1 

L 

<  Z 

HP  can  help  you  predict  the  business  benefits  of  a  large-scale  wireless  solution  without  large-scale  risks,  when 

you  envision  your  ideal  enterprise-wide  wireless  solution,  what  do  you  see?  No  doubt  security,  manageability,  scalability  and  flexibility  jump  immediately 
into  focus.  HP  can  now  offer  you  a  glimpse  into  your  wireless  future  by  helping  you  develop  a  wireless  pilot  designed  for  your  business.  Our  service 
professionals  will  help  you  build  an  end-to-end,  secure  wireless  network  using  HP  open-standards  technologies.  These  work  in  conjunction  with  a  wide 
range  of  tested,  best-of-breed  solutions  from  our  strategic  software  partners,  so  you  are  not  confined  by  a  limited  selection  of  proprietary  products.  HP 
pilots  offer  a  unique  opportunity  to  tally  the  business  benefits  of  a  well-planned  wireless  network  before  you  move  to  a  full-scale  implementation.  And  of 
course,  we'll  provide  a  wealth  of  choices,  so  you'll  be  assured  your  pilot  is  a  perfect  fit  for  your  business.  Demand  confidence  in  wireless  technologies. 
Demand  proven  cost-efficiency.  Demand  HP. 


HP  recommends  Microsoft®  Windows®  XP  Professional  for  Mobile  Computing. 
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Begin  building  a  wireless  pilot  by  visiting 
www.hp.com/go/mobility4  today. 


1-866-759-2143 


A  standard  WLAN  infrastructure,  other  Bluetootn -enabled  devices  and  a  service  contract  with  a  wireless  airtime  provider  may  be  required  for  applicable  wireless  communication.  Wireless  Internet  use  requires  a  separateiv  purcna  ^d  service  contract.  Check  with 
service  provider  for  availability  and  coverage  in  your  area.  Not  all  Web  content  available  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  ©2004  Hewiet  ;  ckard  Development  Company,  LP 
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In  an  extreme  world... 
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GO  BEYOND 

WITH  EXTREME  NETWOR 


BLACKDIAMOND  H  OK,  NOT  JUST  ANOTHER  PRETTY  BOX 


Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  i 


- 


Introducing  the  only  core  switch  platform  that  delivers  major 
breakthroughs  in  the  areas  of  scalability,  extensibility,  resiliency 
and  security.  The  BlackDiamond  10K  goes  beyond  the  expected  by 
delivering  the  industry’s  highest-density  10-Gigabit  and  Gigabit 
Ethernet.  In  addition,  4GNSS  technology  featuring  T-Flex 
programmable  ASICs  ensures  support  of  emerging  protocols 
without  costly  hardware  upgrades  —  offering  revolutionary 
investment  protection.  How’s  that  for  a  switch ? 


www.extremenetworks.com/go/10808 . 


©  2003  Extreme  Networks,  Inc.  All 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 
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Lessons  from  leading  users 


Utility  company  powers  up  savings 


Electrifying  paper 


Ontario’s  Hydro  One  utility  company  uses  mobile  computers  and  applications 
to  eliminate  costs  of  processing  paper  and  to  improve  data  accuracy. 


1  At  the  office,  sub- 


Central  office 


station  repair  tech¬ 
nicians  download 

P 

1 

1 

P 

1 

electronic  work 

- v 

A.Ittt-. 

orders  at  start  of  shift. 

k 

Changes  are 
uploaded  to 
server  at  end  of 
shift  in  the  office 
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Laptops  and  PDAs 
store  work  orders 
and  relevant  repair 
data  as  technicians 
check  substation 
equipment,  clear 
trouble  tickets  and 
update  main¬ 
tenance  reports. 


■  BY  JOHN  COX 

A  Canadian  power  company  is  saving 
about  $500,000  using  laptops  and 
PDAs,  with  some  third-party  mobile 
applications,  for  400  field  workers. 

The  goal  of  this  mobile  computing  pro¬ 
ject  at  Hydro  One  Networks  in  Toronto, 
Ont.,  is  to  switch  from  error-prone  paper 
trails  into  fast,  accurate  digital  data  paths. 

About  300  mobile  devices  have  been 
deployed,  60%  of  them  Symbol  Tech¬ 
nologies  PPT  2800  touchscreen  PDAs, 
40%  IBM  ThinkPad  T  series  notebooks. 
They’re  being  used  by  400  of  the  600  field 
workers  who  handle  maintenance  and 
repairs  at  nearly  1,500  power  substations 
throughout  Ontario.The  pilot  testing  start¬ 
ed  in  spring  of  2003, and  additional  hand¬ 
helds  will  be  deployed  by  year-end,  com¬ 
pany  officials  say 

The  embrace  of  mobile  computing 
means  that  information  concerning  trou¬ 
ble  tickets  and  equipment  repairs  is 
updated  at  the  end  of  each  shift,  instead 
of  one  to  three  days  later.  The  data  is 
more  accurate,  says  lan  McIntyre,  man¬ 


ager  of  program  and  workforce  sta¬ 
tions  for  the  utility.  Field  workers  no 
longer  have  to  print,  fill  out,  check, 
mail  and  fax  pages  of  paper  reports. 

The  results  are  savings  in  paper  pro¬ 
cessing  and  more  accurate  mainte¬ 
nance  data. 

“We  have  almost  eliminated  all  the 
paper  processing,”  McIntyre  says.The 
utility  was  able  to  cut  two  full-time 
positions  as  a  result.  Other  savings 
were  realized  by  no  longer  having  to 
correct  data  and  eliminating  some 
ad  hoc  surveys  of  equipment  at 
substations. 

“Our  quality  measurements  showed 
about  70%  of  the  [paper-based]  re¬ 
ports  were  getting  back  to  the  system 
[on  a  timely  basis]  and  about  70%  of 
the  data  was  accurate.  Now  both  of  those 
measures  are  over  99%, ”  he  says. 

That  accuracy  and  timeliness  is  critical 
for  the  heavily  regulated  utility 

“Being  regulated,  we  have  to  make  sub¬ 
mission  to  the  Ontario  Energy  Board  for 
rate  [changes] [’McIntyre  says.“We  have  a 
set  rate-of-return  against  our  assets.To  jus¬ 


tify  investments  in  maintenance  and  ex¬ 
pansions,  we  have  to  show  the  status  of 
our  assets." The  utility  and  the  regulators 
now  have  a  clearer  idea  of  how  to  allo¬ 
cate  maintenance  resources  and  the 
costs  of  maintaining  the  transmission 
and  distribution  grid  that  covers  400,000 
square  miles. 


And  the  utility  does  it  without  the 
added  complications  and  costs  of  using 
cellular  or  wireless  LAN  connections. 
Hydro  One’s  field  workers  plug  their  lap¬ 
tops  into  the  corporate  LAN  when  they 
report  for  work,  download  the  day’s  work 
orders,  visit  substations  and  work  offline. 

See  Hydro  One,  page  19 


Quintum  helps  put  PBXs  on  VoIP  nets 


I  BY  PHIL  HOCHMUTH 


■  Apple  last  week  issued  updates  to 
its  Mac  OS  X  server  and  client  operat¬ 
ing  systems,  including  a  security  up¬ 
date  that  fixes  a  glitch  in  the  graphics 
program  within  the  client  software. 

On  Aug.  4,  the  U.S.  Computer  Emerg¬ 
ency  Readiness  Team  identified  the 
vulnerability  in  the  libpng  lib¬ 
rary,  which  is  used  to  display  Port¬ 
able  Networks  Graphic  images.  Ac¬ 
cording  to  CERT,  remote  hackers 
could  access  systems  via  malformed 
PNG  images,  which  also  couid  cause 
systems  to  crash.  The  patch  from 
Apple  protects  libpng  libraries  within 
the  updated  Mac  OS  X  10.3.5  operat¬ 
ing  system,  Apple  executives  say. 


Quintum  recently  released  a  new  gate¬ 
way  that  could  help  large  organizations 
connect  legacy  phone  equipment  to  a  VoIP 
network. 

Tenor  AX  is  a  device  that  can  combine 
PBX  lines  and  run  them  over  an  IP  net¬ 
work,  letting  businesses  consolidate  voice 
and  data  WAN  connections  to  cut  costs,  the 
company  says.  The  box  can  be  installed 
with  any  standard  legacy  PBX  system  and 
requires  no  upgrades  to  voice  and  data 
infrastructure. 

The  device  comes  in  versions  that  sup¬ 
port  eight,  16  and  24  voice  ports.  It  plugs 
into  a  PBX  through  public  switched  tele¬ 
phone  network  ports  on  one  side  and  has 
a  single  Fast  Ethernet  port  on  the  other  for 
IP  connectivity  The  device  includes  an  inte¬ 


grated  H.323  gateway  and  Session  Initia¬ 
tion  Protocol  user  agent  software,  which  let 
the  device  interoperate  with  multiple  stan- 
dards-based  IP  PBX  and  VoIP  equipment. 
Technologies  for  QoS  on  the  box  include 
IP  type-of-service  support  and  Differen¬ 
tiated  Services. 

For  deployments  requiring  more  than  24 
simultaneous  VoIP  calls,  multiple  Tenor  AX 
devices  can  be  stacked  and  connected  to 
the  same  PBX  for  handling  more  calls. 

Besides  basic  VoIP  call  connectivity  the 
box  also  lets  many  standard  PBX  features 
work  across  VoIP  connections,  such  as 
caller  ID,  91 1,41 1  and  toll-free-number  sup¬ 
port,  call-detail  record  recording  and  leg¬ 
acy  fax  transmissions. 

While  large  VoIP  deals  involving  big  com¬ 
panies  such  as  Boeing  and  Toshiba  have 
put  IP  PBXs  in  the  spotlight  recently  1DC 


says  more  companies  are  opting  to  enable 
their  PBXs  for  IP  rather  than  buy  new  com¬ 
puter-based  VoIP  phone  switches.  The 
research  firm  estimates  products  that  let 
old  PBXs  work  over  IP  networks  will 
account  for  about  60%  of  5.6  million  VoIP 
lines  sold  this  year,  with  the  remainder 
being  pure  IP 

Analysts  say  this  60/40  trend  in  terms  of 
IP-enabled  vs.  pure-iP  line  shipments,  will 
continue  over  the  next  several  years,  as 
businesses  with  PBX  i:ifr,  iructures  look  to 
add  VoIP  incrementally  without  replacing 
an  existing  phone  syvem. 

Tenor  AX  competes  with  VoIP  gateway 
products  from  vendor-;  such  as  Alcatel, 
Avaya,  Cisco,  Nortel  and  Siemens.  The 
eight-port  Teno.  AX  costs  $2,000,  the  16- 
port  box  costs  $3,700,  and  the  24-port  box 
costs  $4,600.  * 
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Adtran  dishes  up  another  penny-pinching  router 


m  3Y  TIM  GREENE 

Adtran  is  moving  up  the  food  chain  to 
lure  Cisco  access-router  customers  with  a 
new  family  of  its  bargain  NetVanta  routers. 

The  NetVanta  4000  line  is  being  intro¬ 
duced  with  the  NetVanta  4305,  a  three-slot 
router  that  can  serve  as  a  VPN  gateway  and 
supports  up  to  eight  T-l  lines, some  or  all  of 
which  it  can  blend  into  one  logical  pipe. 

The  NetVanta  4000  line  lies  between  the 
NetVanta  3000,  which  supports  single  T-l 
access,  and  the  NetVanta  5000,  which  sup¬ 
ports  dual  T-3  access.  Like  other  NetVanta 
routers,  it  is  designed  to  undercut  pricing 
of  similarly  sized  Cisco  routers  with  a  trade¬ 
off  between  Ciscos  broader  product  fam¬ 
ily  more  features  and  more  extensive  man¬ 
agement  vs.  Adtran’s  lower  price. 

Adtran  says  the  new  router  competes 
against  Cisco  3725  routers,  which  cost 
$8,300.  NetVanta  4305  costs  $2,500  with  no 
cards  and  a  basic  software  package.  En¬ 
hanced  software  that  includes  VPN  support 
costs  $995. 

The  new  box  has  two  WAN  slots  for  cards 
that  also  fit  in  the  lower-speed  NetVanta 
1000  and  3000  routers  and  one  larger  slot 
that  supports  cards  designed  for  the  high¬ 
speed  NetVanta  5000. 

Adtran  also  is  introducing  three  new 
NetVanta  cards.The  first  is  an  eight-port  T-l 
card  ($1,500)  that  fits  in  the  large  WAN  slot 
in  the  NetVanta  4305  and  in  the  NetVanta 
5000.The  other  two  are  a  large-format  High- 
Speed  Serial  Interface  card  ($1,300)  to 
connect  the  routers  to  a  separate  T-3 


DSU/CSU  and  a  small-format,  two-port  T-l 
card  ($650). 

The  company  is  upgrading  its  Adtran  Op¬ 
erating  System,  which  supports  Voipby  mak¬ 
ing  it  possible  for  Session  Initiation  Protocol 
signaling  messages  that  set  up  the  VoIP  calls 


■  BY  TIM  GREENE 

Juniper  and  WatchGuard  are  coming 
out  with  new  gear  to  provide  small  busi¬ 
nesses  and  corporate  offices  with  remote- 
access  technology  that  can  be  managed 
from  central  consoles. 

Juniper  is  introducing  a  trimmed-down 
version  of  its  Instant  Virtual  Extranet  (IVE) 
Secure  Sockets  Layer  (SSL)  remote-access 
software  on  an  appliance  called  Remote 
Access  500  that  supports  10  to  50  simulta¬ 
neous  connections  and  ranges  from 
$4,000  to  $7,000.  Before,  Junipers  smallest 
appliance,  the  SA  1000,  supported  as  few 
as  100  users  for  $15,000. 

By  comparison, an  A-Gate  60  SSL  remote- 
access  appliance  from  AEP  Systems, 
which  sets  low  price  as  a  goal, costs  $7,000 
for  50  users,  the  same  price  as  the  RA  500. 
Aventail’s  smallest  SSL  appliance,  the  EX- 
750,  costs  $10,000  with  a  50-user  license. 

The  RA  500  is  streamlined  for  small  com¬ 
panies  that  might  lack  the  IT  staff  and 
expertise  to  configure  all  the  features  of  a 


to  cross  firewalls  readily  and  to  close  fire¬ 
wall  ports  when  calls  are  concluded. 

The  updated  Adtran  Operating  System 
includes  some  basic  VPN  features  that 
most  single-purpose  VPN  gateways  supply 
as  standard  features.These  include  support 


full-blown  IVE  appliance.  So  Juniper  has 
cut  out  the  ability  to  cluster  RA  500s,  lim¬ 
ited  access  controls  to  one  option,  and 
stripped  out  support  for  Security  As¬ 
sertion  Markup  Language,  which  enables 
full  single  sign-on  capabilities. 

But  it  does  include  advanced  features 
such  as  software  to  check  that  computers 
making  remote  connections  to  the  device 
are  protected  by  anti-virus  software  and  a 
firewall,  and  that  running  applications  are 
legitimate.  At  the  end  of  a  session,  it  cleans 
out  temporary  files  used  during  the 
session. 

“I  don’t  think  anybody  gets  down  to  that 
much  functionality  for  10  users,”  says 
David  O’Berry,  director  of  IT  for  the  South 
Carolina  Department  of  Probation,  Parole 
and  Pardon  Services  in  Columbia,  S.C., 
who  beta-tested  the  RA  500. 

The  RA  500  is  available  in  three  models: 
the  510  for  10  users  at  $4,000;  the  525  for  25 
users  at  $5,500;  and  the  550  for  50  users  at 
$7,000.  They  differ  only  in  the  number  of 
user  licenses  they  support.  Upgrading  from 


for  network  address  translation  traversal, 
which  makes  sure  IP  addresses  are  re¬ 
solved  when  privately  numbered  LAN 
devices  make  IPSec  VPN  connections  and 
their  addresses  get  translated  to  public 
addresses.* 


the  510  to  the  525  costs  $2,050, and  upgrad¬ 
ing  from  the  252  to  the  550  costs  $2,200. 

Meanwhile,  WatchGuard  is  introducing 
wired  and  wireless  versions  of  a  new 
IPSec  VPN  appliance  that  supports  remote 
access  to  small  offices.  Called  Firebox  X 
Edge,  each  can  be  bought  with  license  for 
five,  15  or  50  simultaneous  users. 

Mike  Rearson, WAN  and  security  adminis¬ 
trator  for  the  Salvation  Army  Central  U.S. 
division  in  Chesterfield,  Mich.,  says  he 
regards  the  edge  devices  as  the  next  gener¬ 
ation  of  WatchGuard’s  small  office/home 
office  (SOHO)  6tc  family 

A  SOHO  6tc  appliance  that  provides  a 
75M  bit/sec  firewall  and  20M  bit/sec  VPN 
for  10  users  costs  about  $300.  A  Firebox  X 
Edge  for  15  users  with  a  95M  bit/sec  fire¬ 
wall  and  35M  bit/sec  VPN  costs  about  $580. 

Later  this  year,  WatchGuard  is  set  to  ship 
a  wireless  version  of  Firebox  X  Edge  that 
supports  802.11  b  and  g  Wi-Fi  standards. 
The  wireless  versions  range  from  about 
$570  for  a  five-user  license  to  about  $  1 , 1 50 
for  unlimited  users.* 


Vendors  target  remote-access  security 
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Spam  filters  and  constant  pruning  not¬ 
withstanding,  my  Outlook  mailbox  is 
just  plain  huge.  With  my  Outlook 
offline  storage  file  weighing  in  at  more 
than  1G  byte,  1  sit  here  today  with  some 
thing  north  of  10,000  items  in  my  in-box 
with  about  half  that  amount  again  residing 
in  Sent  Items. 

While  Outlook  2003  certainly  is  better 
equipped  than  prior  versions,  its  search 
capability  is  still  relatively  labor-intensive  if 
not  primitive.  Finding  a  particular  item 
involves  clicking  off  which  folders  to 
search.  If  your  time  frame  involves  some 
thing  older  than  “last  month,” you  find  your¬ 
self  following  an  “advanced”  tab  to  yet 
another  “advanced”  tab  (“double  advan¬ 
ced”)  into  a  great  labyrinth  of  more  options 
than  you  could  ever  deal  with. 

Thus,  the  Googlelike  simplicity  of  Look¬ 
out  from  Lookout  Software  (www.nwfu 
sion.com,  DocFinder:  3338)  is  a  welcome 
relief.  And  simpler  is  better.  Not  only  are 
your  search  results  delivered,  by  default, 
ranked  by  relevance  but  using  simple  key¬ 
words,  such  as  “from,”  you  also  can  hone 
your  search  without  resorting  to  the  likes  of 
the  aforementioned  “double  advanced” 
menus. 

All  this  is  free  from  what  appears  to  be  a 
tiny  company  But  it’s  not.  One  might  haz¬ 


ard  a  guess  that  Microsoft’s  Outlook  search 
development  team  has  more  secretaries 
than  Lookout  has  developers. 

But  there’s  more  to  the  story  than  just  a 
neat  tool.  Just  last  month,  Lookout  became 
part  of  Microsoft’s  move  to  unseat  Google 
as  the  premier  provider  of  search  services 
(DocFinder:  3339). 

Lookout  is  now  part  of  Microsoft  and  its 
technology  looks  to  become  an  important 
element  of  the  behemoth-to-be  MSN 
search.  As  much  as  Microsoft  has  been  crit¬ 
icized  over  the  years  for  its  arrogance, 
recent  acquisitions  have  proven  that  it  is 

,  Site  ■  Lessons  from  leading  users 

11  Hydro  One 

continued  from  page  17 

At  the  end  of  their  shifts,  they  plug  the 
computer  into  the  office  LAN,  or  some¬ 
times  dial  in,  to  synchronize  with  several 
back-end  enterprise  applications.  The 
most  important  of  these  applications  is 
PassPort,  a  client/server  asset  manage¬ 
ment  suite  from  Indus  International. 

The  total  cost  of  the  project  was  just  over 
$1  million,  covering  the  handhelds,  devel¬ 
opment  work,  training  and  three  mobile 
applications  from  the  Telispark  Mobile 
Enterprise  by  Infowave.  Using  the  applica¬ 
tions,  technicians  download  electronic 
work  orders,  link  the  orders  with  data  on 
specific  assets  such  as  power  transformers 


sufficiently  humble  not  to  overlook  outside 
technologies  simply  because  they  were 
“not  invented  here.” 

One  can  be  sure  that  Microsoft  sees  the 
dual  benefits  of  most  acquisitions  — 
adding  it  to  the  Microsoft  arsenal  while  tak¬ 
ing  the  same  technology  out  of  play  for 
competitors. 

Look  what  Microsoft  managed  to  do  with 
the  “virtual  PC”  space.  Two  years  ago,  it  was 
dominated  by  two  small  companies, 
VMWare  and  Connectix. While  using  Micro¬ 
soft  as  its  base  operating  system, Connectix 
offered  support  for  Linux  guest  operating 


and  file  electronic  inspection  reports  on 
the  equipment  through  the  PassPort  serv¬ 
er.  The  Infowave  software  stores  the  data 
on  a  built-in  mobile  database. 

The  Infowave  software  is  a  group  of 
three  applications  specifically  designed 
for  an  array  of  jobs  that  are  part  of  the  rou¬ 
tine  daily  work  of  service  technicians  and 
others  who  travel  to  different  locations  for 
customer  service  or  equipment  repairs. 

Infowave’s  mWorkManager  lets  Hydro 
One  technicians  organize,  view,  update 
and  close  out  the  downloaded  work 
orders  via  a  set  of  graphical  displays,  pull¬ 
down  menus  and  lists. 

The  second  application,  mAsset,  associ¬ 
ates  the  work  order  with  data  —  such  as 
serial  number,  repair  schedule  and  histor¬ 
ical  data  —  for  example,  about  a  specific 
transformer,  breaker  or  other  equipment. 


systems.  Microsoft  bought  the  company  in 
early  2003.  Guess  which  guest  operating 
system  suddenly  became  unsupported? 

This  left  Microsoft  users  interested  in 
learning  Linux  with  only  VMWare  (which 
EMC  purchased  in  the  interim).  So,  with 
one  stroke,  Microsoft  not  only  helped  pro¬ 
mote  its  own  virtualization  strategy  but 
made  moving  to  Linux  a  little  bit  harder. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


The  third  application  of  the  suite, 
mlnspect,  lets  the  technician  report  on 
equipment  conditions,  using  forms, 
checklists  and  typed  entries. 

As  is  often  the  case  in  mobile  projects, 
work  processes  that  flow  smoothly  on  a 
desktop  PC  had  to  be  streamlined  for  the 
mobile  devices.  One  was  the  process  of 
collecting  the  initial  batch  of  work 
orders. 

“We  have  thousands  of  these,”  McIntyre 
says.“Originally  a  worker  pulled  them  one 
at  a  time  onto  their  screen.  But  if  they  had 
100  of  these,  it  was  laborious  to  do  this 
one  at  a  time.  Our  PassPort  tech  support 
[team]  created  a  PassPort  screen  to 
assign  work  orders  in  batches  to  given 
users.  When  the  worker  cradles  his  laptop 
or  PDA,  PassPort  pushes  down  the  rele¬ 
vant  orders.”  ■ 


www.iss.net 


When  business  losses  are  measured  in  seconds , 
preemption  beats  “reaction"  every  time. 


The  only  effective  security  is  preemption.  This  preemptive  power  is  only  available  with  the  Proventia’“  Security  Platform  from  Internet 
Security  Systems.  When  software  security  flaws  are  discovered,  Internet  Security  Systems’  world-renowned  research  team  updates  Proventia 
to  immediately  shield  against  any  attacks  targeting  weak  spots.  Regardless  of  the  size  of  your  business,  this  new  standard  in  Internet 
security  can  help  keep  you  off  the  path  to  disaster  and  reduce  your  total  cost  of  ownership  -  In  fact,  when  we  manage  Proventia  for  you, 

well  even  guarantee  protection.  Need  proof?  Get  your  free  whitepaper,  Preemptive  Protection:  Setting  a  New  Standard  in  Security,  at 
www.iss.net/proof/whitepaper  or  call  800-776-2362. 
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Linux  makes  inroads  with  Novell  users 

S  BY  DENI  CONNOR 


Novell's  Linux  migration 

Novell  first  announced  a  major  Linux  initiative  in  April  2003. 


Feature 

What  it  does 

Product 

Availability 

Access  controls 

Trustee  rights,  file  and  directory  access  rights 

NNLS  2.0 

2005 

Clustering 

High  availability  and  failover  software 

OES 

December 

Desktop  integration 

Login  script  support,  file  access,  authentication 

OES 

December 

eDirectory 

Authentication  and  management 

NetWare  6.5 

Now 

Health  monitoring  services 

CIM-based  management  of  server  health 

OES 

December 

iFolder 

File  management 

NNLS  1.0 

Now 

iManager 

Web-based  management 

NNLS  1.0 

Now 

iPrint 

Lets  users  print  from  any  location 

NNLS  1.0 

Now 

NetMail 

Internet  messaging  and  calendaring 

NNLS  1.0 

Now 

Novell  Resource  Management 

Patch  management,  automated  software  management 

NNLS  1.0 

Now 

Virtual  Office 

Collaboration  tool 

NNLS  1.0 

Now 

Early  adopters  of  Novell’s  Nterprise  Linux  Services 
say  the  package  lets  them  consolidate  server  oper¬ 
ating  systems  and  offers  a  smooth  migration  path 
to  Linux  from  NetWare  servers. 

NNLS  was  the  first  product  that  launched  Novell  full- 
bore  into  Linux.  Released  in  December  2003,  the  pack¬ 
age  contains  Novell’s  Virtual  Office  collaboration  tool;  its 
iFolder  file  management  system;  iPrint,  which  lets  users 
print  from  any  location;  its  Internet  messaging  package 
NetMail;  its  Web-based  iManager  package;  Novell  Re¬ 
source  Management,  a  tool  for  automated  software  man¬ 
agement;  and  Novell’s  eDirectory.  NNLS  works  on  Red 
Hat  or  SuSE  Linux. 

In  March,  Novell  announced  that  its  next  operating  sys¬ 
tem  —  Open  Enterprise  Server  (OES)  —  would  incorpo¬ 
rate  NetWare  and  Linux  kernels,  letting  users  deploy 
applications  on  whatever  platform  they  want.  In  OES, 
NetWare  services  will  run  on  both  kernels  —  those  ser¬ 
vices  include  file  services,  clustering,  print,  identity, 
administrative, Web,  patch  management,  health  monitor¬ 
ing  and  client  integration.  Novell  says  OES  will  be  avail¬ 
able  by  year-end. 

To  familiarize  themselves  with  Novell  services  on  Linux, 
many  users  have  tested  the  waters  with  NNLS,  which  con¬ 
tains  components  of  OES.The  operating  system  will  run 
initially  on  32-bit  extension  technology  from  Intel  and  64- 
bit  versions  of  SuSE  Linux  Enterprise  Server  9,  which 
Novell  acquired  last  year. 

Anthony  Hill,  CTO  for  Golden  Gate  University  in  San 
Francisco,  and  Keith  Rajecki,  infrastructure  manager  at 
the  university,  have  deployed  NNLS  and  plan  on  upgrad¬ 
ing  to  OES  when  it  is  released. 

There  is  a  fundamental  reason  we  started  looking  at 
NNLS  —  we  are  pursuing  an  IT  strategy  based  around 
consolidation,”  Hill  says.“We  chose  Linux  as  the  [operat¬ 
ing  system]  to  consolidate  database  applications  and 
Web  servers.  When  Novell  announced  its  Linux  strategy 
it  became  a  very  obvious  way  for  us  to  go  and  consoli¬ 
date  our  networking  environments  around  Linux.” 

Hill,  who  has  14  NetWare  5.5  servers  and  1,000  users, 
considered  migrating  his  servers  from  NetWare  to 
Windows,  but  he  saw  problems  with  that  approach. 

“Had  we  gone  with  Windows,  we  wouldn’t  have 
achieved  any  economies  of  scale  through  consolida¬ 
tion,  and  it  meant  bringing  in  some  competing  architec¬ 
tures  such  as  messaging  and  directory  services,”  says 
Hill,  who  uses  Novell’s  GroupWise,  eDirectory  and 
ZENworks  management  package. 

Staying  with  NetWare  wasn’t  a  good  choice  for  Hill 
either. 

“Flad  we  stayed  on  NetWare,  we  could  have  stayed 
with  the  Novell  tools,  but  we  wouldn’t  have  enjoyed  any 
economies  of  scale  because  NetWare  requires  ded¬ 
icated  staff  and  skill  sets,  and  there’s  a  relatively  small 
number  of  software  vendors  supporting  [the  operating 
systems],” Hill  says. 

Hill  chose  to  pin  Golden  Gate’s  network  on  Novell’s 
OES  instead. 

"For  us,  the  ability  to  run  Novell’s  messaging  and  man¬ 
agement  tools,  and  consolidate  that  all  around  Linux 


allows  us  to  achieve  the  maximum  economy  of  scale  and 
consolidate  the  enterprise  from  one  end  to  the  other]’ 
he  says. 

“Novell’s  strategy  of  providing  a  NetWare  and  Linux 
kernel  has  allowed  us  a  smoother  migration  strategy 
Hill  says.  He  and  Rajecki  are  migrating  their  network  to 
NetWare  6.5  first  because  NetWare  access  controls  won’t 
be  available  until  NNLS  2.0  is  released  at  the  beginning 
of  next  year. 

“We  did  that  only  because  we  didn’t  want  to  have  to 
migrate  file  system  structures  —  in  Linux  you  lose  a  lot 
of  the  security  features  that  are  available  in  NetWare, 
such  as  access  controls,”  Rajecki  says. 

When  NNLS  2.0  is  released, “the  Novell  file  system  will 
be  ported  onto  the  Linux  platform. Then,  we  are  looking 
at  taking  our  14  servers  from  NetWare  to  Linux,”  he  says. 

Like  Hill,  James  Taylor  cites  the  decline  in  skilled  Net¬ 
Ware  administrators  as  part  of  his  desire  to  migrate  to 
Linux.Taylor,  network/infrastructure  manager  for  SPX 
Valves  and  Controls  in  Houston,  has  50  NetWare  servers 
in  13  international  locations. 

“We  will  move  all  NetWare  services  to  Linux, ’’Taylor 
says.“There  is  no  reason  for  us  to  stay  on  the  NetWare 
kernel.  I’m  looking  at  NNLS  to  provide  a  single  infra¬ 
structure  and  get  rid  of  all  those  Microsoft  and  Novell 
installations,  and  go  Linux  across  the  board  for  file  and 
print  sharing  and  for  Novell  services.” 

Taylor,  who  has  been  testing  NNLS  1.0  for  three 
months,  says  he  hopes  to  also  consolidate  his  13  loca¬ 
tions  around  one  operating  system.  However,  he’ll  wait 
until  Novell  releases  OES  for  full  deployment. 

“I  probably  will  wait  until  OES  comes  out  because  I 
don’t  think  Novell  is  going  to  provide  a  seamless  integra¬ 
tion  from  NNLS  to  OES, ’’Taylor  says.“If  Novell  comes  out 
with  another  version  of  NNLS  that  supports  access  con¬ 
trols,  we  would  deploy  it  in  production  environments." 

Danny  Wall,  network  engineer  for  Health  First  in 
Rockledge,  Fla.,  says  OES  will  wean  his  organization  of 
its  dependence  on  Windows.  Wall  has  three  dozen 


NetWare  servers. 

“In  our  environment  we  have  350  to  400  applications,” 
Wall  says. “It’s  insane.Too  many  of  them  are  Microsoft- 
based.” 

“When  you  look  at  the  three  major  platforms  —  Net¬ 
Ware,  Windows  and  Linux  —  there’s  a  level  of  security 
usability  and  customization, ’’Wall  says.“NetWare  is  extrem¬ 
ely  secure  and  stable;  however,  it’s  not  easily  customized. 
Windows  is  customizable,  but  it’s  not  secure  and  stable. 
Linux  bridges  that  gap,  and  you  have  customization.” 

To  reduce  dependence  on  Windows,  Wall  has  installed 
three  NNLS  servers. 

One  of  Wall’s  servers  runs  Novell’s  Virtual  Office  and 
eDirectory;  the  second  is  an  iPrint  server,  and  he’ll  use 
the  third  one  for  Novell’s  package  management  features. 
NNLS  1.0  includes  the  Linux  Application  (Red  Hat 
Package  Manager)  distribution  via  the  Ximian  Red 
Carpet  system,  which  it  acquired  in  August  2003. 

But  Wall  can’t  completely  migrate  to  Windows  because 
some  users’  applications  still  require  Windows. 

“Our  finance  department  uses  PeopleSoft,  for  example, 
which  relies  on  [Microsoft]  Excel,”Wall  says.“When 
PeopleSoft  starts  supporting  a  standards-based  browser, 
it’s  possible  that  will  open  it  up  to  Linux.” 

As  for  whether  users  will  deploy  Linux  on  their  users’ 
desktops  —  these  IT  managers  say  no. 

“Our  desktops  will  stay  Microsoft, ’’Taylor  says.“We  have 
Lotus  Notes,  and  IBM  isn’t  coming  out  with  a  Linux 
client.  We  have  J.D.  Edwards.  We  won’t  be  able  to  steer 
away  from  Microsoft.” 

“We  don’t  have  any  plans  for  Linux  on  the  desktop,” 
says  Hill,  whose  staff  supports  1,000  Windows  desktops. 
“The  real  reasons  we  have  for  not  supporting  Linux  on 
the  desktop  is  our  faculty  and  students  are  Windows 
users.  We  also  enjoy  higher-education  pricing  from 
Microsoft, so  Linux  offers  little  to  no  price  advantage  for 
us.Third,  if  you  have  a  broad  base  of  Windows  applica¬ 
tions  to  support,  putting  Linux  on  the  desktop  creates  a 
very  big  systems-integration  challenge  for  us."B 
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On  the  lookout  for  spyware 

Formerly  a  concern  for  home  users,  adware  gets  attention  of  IT  execs. 


Takes 


■  Anti-spam  service  company  Pos- 
tini  this  week  is  updating  its  e-mail 
intrusion-prevention  system 

with  stronger  IP  analysis  to  detect 
spam  before  it  enters  corporate  net¬ 
works.  In  Version  5.0  of  Perimeter 
Manager,  Postini  has  enhanced  the 
service  so  that  once  an  IP  address 
sends  spam  to  a  customer's  e-mail 
account,  Postini  automatically  blocks 
mail  from  that  IP  address  bound  for 
any  of  its  users.  In  Version  5.0,  the 
company  also  has  included  a  whitelist 
facility  for  IP  addresses  it  has  deter¬ 
mined  never  or  rarely  send  spam  or 
viruses,  factoring  in  those  good  repu¬ 
tations  when  determining  a  rating  for 
whether  an  e-mail  is  considered  spam. 
For  messages  that  score  high  on  Pos- 
tini’s  spam  rating,  Version  5.0  includes 
a  "blatant  spam  blocking"  feature  that 
deletes  such  messages  instead  of 
sending  them  into  quarantine.  Postini 
also  has  renovated  the  user  interface. 
The  upgraded  service  is  priced  from 
$6  to  $30  per  user,  per  year,  with  a 
minimum  cost  of  $2,500. 

■  Vintela,  which  develops  software 
to  integrate  Windows  and  competing 
platforms,  has  developed  an  exten¬ 
sion  to  Microsoft’s  management  soft¬ 
ware  that  lets  users  control  Unix, 

Linux  and  Macintosh  computers.  The 
company  last  week  shipped  Vintela 
Management  Extensions  1.0,  a  set 
of  components  for  Microsoft’s  System 
Management  Server  2003  that  provide 
discovery,  inventory,  distribution, 
reporting  and  remote  features  for 
managing  servers  and  desktops, 
regardless  of  platform.  The  software 
can  help  consolidate  management 
chores  to  one  platform  and  help  users 
avoid  retraining  on  other  tools  when 
integrating  non-Windows  platforms 
into  a  Windows  network.  VMX  is 
priced  starting  at  about  $1,200,  which 
includes  server,  console  and  four 
client  components.  Additional  client- 
side  components  are  $75  per  desktop 
and  $125  per  sever.  The  prices  include 
a  Windows  client-access  license,  and 
Microsoft  Product  Support  Services 
is  providing  first-level  support  for 
users  with  Enterprise  Agreements. 


■  BY  ELLEN  MESSMER 

Organizations  are  increasingly  eyeing 
spyware  as  a  threat  that  needs  to  be 
blocked  from  reaching  end  users’ 
desktops. 

A  catchword  for  software  programs  that 
watch  what  end  users  are  doing  at  their 
computers,  spyware  is  said  to  encompass 
everything  from  marketing  cookies,  pop- 
ups  and  adware  downloaded  with  peer-to- 
peer  file-sharing  programs  to  malicious 
Trojans  and  keyloggers  designed  to  steal 
personal  data.  Even  at  its  most  benign, spy- 
ware  is  generating  anger  in  corporations 
that  see  it  jamming  up  user  desktops, 
causing  malfunctions  and  slowdowns. 

“It’s  an  insidious  scourge  of  the  Internet” 
says  Lisa  Hagen,  IT  manager  at  biotech¬ 
nology  manufacturing  firm  Labcyte  in 
Sunnyvale,  Calif. “These  are  pieces  of  soft¬ 
ware  that  get  installed  unbeknownst 
to  you.” 

Over  the  past  year,  Hagen  has  seen  in¬ 
stances  where  employees’  desktop  ma¬ 
chines  were  “acting  weird”  from  the  effects 
of  adware,  which  Hagen  tries  to  combat 
by  having  employees  use  anti-spyware 
software,  including  StopZilla.  Other  IT 
managers  recount  similar  stories. 

Daniel  VanMeter, system  security  special¬ 
ist  at  Kansas  University  Medical  Center  in 
Kansas  City,  says  he’s  seen  increasing 
numbers  of  network  users  approach  the 
IT  department  to  complain  that  their 
machines  won’t  boot  up  or  are  malfunc¬ 
tioning.  It  often  turns  out  there  are  hun¬ 
dreds  of  different  spyware/adware  pro¬ 
grams  interfering  with  each  other,  causing 
the  computer  to  choke  on  them, he  notes. 

Vendors  respond 

Spyware  complaints  were  once  heard 
mainly  among  home  PC  users.Thus,  most 
spyware-eradication  software  is  designed 
for  individual  users.  But  as  corporations 
increasingly  express  alarm,  anti-spyware 
software  developers  are  leaping  into  the 
corporate  market,  selling  multi-user  li¬ 
censes  with  centralized  management  for 
security  professionals. 

Anti-virus  vendors,  which  have  long 
gone  after  dangerous  keyloggers  and 
Trojans  that  get  lumped  into  the  spyware 
category,  are  broadening  their  reach  to  go 
after  adware.  Trend  Micro  recently  added 
the  anti-spyware  freeware  Spybot  to  its 
anti-virus  software. 


David  Stang,  co-founder  and  vice  presi¬ 
dent  of  research  at  anti-spyware  vendor 
PestPatrol,  which  recently  entered  the  cor¬ 
porate  market,  says  detecting  and  eradi¬ 
cating  spyware  relies  on  the  kind  of  signa¬ 
ture-based  technique  used  to  define  a 
computer  virus. 

“There’s  an  analogy  with  anti-virus,  and 
the  techniques  for  wrestling  with  it  remain 
the  same,”  Stang  says.  PestPatrol’s  database 
runs  to  23,000  spyware  signatures,  and  the 


Move  over  viruses 

McAfee’s  top  10  threats  for  the 
first  half  of  the  year  included  four 
spyware/adware  programs. 

1.  Exploit-MhtRedir.gen 

2.  VBS/Psyme 

3.  Adware-Gator 

4.  Adware-180Solutions 

5.  Adware-Cydoor 

6.  Adware-Betterlnet 

7.  W32/Netsky.d 

8.  W32/Netsky.p 

9.  W32/Netsky.q 

10.  W32/MyDoom.a 


company  typically  adds  about  75  new  sig¬ 
natures  per  week. 

The  adware  components  in  spyware 
often  are  designed  so  they  are  hard  to 
detect  and  eradicate  because  one  adware 
program  “may  add  30  registry  entries  and 
a  half-dozen  files,”  Stang  says. 

Anti-spyware  software  has  a  tougher  job 
than  anti-virus  software  cleaning  up  desk¬ 
top  computers,  he  adds. 

Peer-to-peer  file-transfer  software  such  as 
Grokster  and  marketing  adware  such  as 
Claria’s  Gator  software  are  said  to  be 
among  the  most  prevalent  adware  “down- 
loaders.”  Downloaders  typically  report 
back  to  servers  about  what  users  are 
doing  on  the  Web  and  present  advertising 
information. 

A  problem  facing  software  vendors  tar¬ 
geting  spyware  is  that  as  the  number  of 
“pests”  grows,  so  will  the  size  of  the  soft¬ 
ware  to  detect  it.  PestPatrol’s  anti-spyware 
software  today  is  2M  bytes  “and  it’s  going 
to  get  bigger,”  Stang  says. 

The  larger  the  program,  the  greater  the 
possibility  of  slowing  the  desktop  ma¬ 
chine.  And  that  concerns  McAfee,  whose 


VirusScan  8.0  product  for  the  first  time 
also  targets  about  200  spyware/adware 
programs  considered  among  the  worst. 

“We  prefer  to  call  them  ’potentially 
unwanted  programs’”  says  Vincent  Gul- 
lotto,  vice  president  at  McAfee’s  Avert 
research  lab,  who  adds  that  McAfee  is  con¬ 
sidering  how  to  add  more  PUPS  detec¬ 
tions  into  future  versions  of  its  anti-virus 
software  without  causing  performance 
degradation.  McAfee  intends  to  unveil  an 
approach  that  might  involve  new  tech¬ 
nologies  by  this  fall,  he  says. 

Gullotto  notes  the  term  PUPS  is  legally 
less  contentious,  because  some  firms, 
such  as  marketing  firm  Claria,  have  ob¬ 
jected  to  the  “spyware”  label. 

McAfee  customers  often  ask  the  firm  to 
detect  and  eradicate  PUPs  they  have 
found  in  employees’  computers.  McAfee 
often  ends  up  reviewing  the  end-user 
licensing  agreement  (EULA)  that  is  down¬ 
loaded  with  the  PUPs. 

A  gray  area 

If  the  software  is  violating  its  own  EULA, 
such  as  sending  passwords  out  through  a 
back  door,  McAfee  will  eradicate  it.  But 
there  is  a  gray  area  where  the  user  might 
have  given  consent  to  download  market¬ 
ing  adware.  In  which  case,  McAfee  has  to 
spend  more  time  considering  the  legal 
ramification  of  wiping  it  from  the 
computer. 

“It’s  a  quagmire,”  Gullotto  says. 

McAfee’s  legal  counsel’s  view  is  that 
employees  don’t  have  the  legal  right  to 
consent  to  downloading  software  be¬ 
cause  they  don’t  own  machines. 

Marketing  adware  has  brought  about 
legal  debate  related  to  issues  such  as  con¬ 
sent,  privacy  and  free  speech  that  arose 
years  ago  with  so-called  cookies,  says 
Mark  Rasch,  senior  vice  president  and 
chief  security  counsel  at  managed  secur¬ 
ity  services  firm  Solutionary. 

“But  what’s  really  bad  about  spyware  is 
that  most  people  can’t  reasonably  know 
what’s  going  on  —  and  that  the  stuff  gums 
up  their  computer,”  he  says. “Corporations 
need  to  inform  the  user  on  the  issue  of 
consent  and  what  spyware  is  and  what  it’s 
doing. And  they  should  make  anti-spyware 
available  to  block  it 

Kevin  Kingdon. analyst  with  security  con¬ 
sultancy  Intellitrove,  says  anti-virus  ven¬ 
dors  are  “playing  catch-up”  with  spyware 

See  Spyware,  page  22 
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The  FCC  seems  to  have  decided  to 
take  a  path  between  the  open  road 
and  a  guarded  tunnel  when  it 
comes  to  the  Internet,  but  the  jury  is  still 
out. 

In  March  I  wrote  about  a“Joint  Petition 
for  Expedited  Rulemaking”  that  the 
Department  of  Justice,  Drug  En¬ 
forcement  Administration  and  FBI  sent 
to  the  FCC  (see  www. nwfusion.com, 
DocFinder: 3327). The  petition  asked  the 
FCC  to  come  up  with  rules  to  clearly 
permit  wiretapping  the  Internet  and 
Internet-based  services  (and  to  have 
service  providers  pay  for  the  required 
network  upgrades).  The  FCC  has  just 
published  a  “Notice  of  Proposed  Rule- 
making”  (NPRM)  in  response  to  the  peti¬ 
tion  that  details  its  tentative  decision 
and  includes  requests  for  comments  on 
particular  issues. 

The  FCC  published  the  NPRM  on  its 
Web  site  (DocFinder:  3337)  and  includ¬ 
ed  statements  by  some  of  the  FCC  com¬ 
missioners.  The  FCC  is  about  to  start  on 
a  45-day  comment  period,  and  things 
could  change  in  response  to  comments 
received,  but  some  of  the  high-level 
conclusions  seem  clear. 

The  FCC  has  “tentatively”  decided  the 
Communications  Assistance  for  Law  En¬ 
forcement  Act  (CALEA)  applies  to  “facili- 
ties-based  providers  of  any  type  of  broad¬ 
band  Internet  service”  (wholesale  and 
retail).  This  includes  wireline-,  cable-  mo¬ 
dem-,  satellite-  and  powerline-based  ISPs. 
The  FCC  will  propose  “mechanisms  to  en¬ 
sure  that  telecommunications  carriers 
comply  with  CALEA.” 

The  FCC  also  has  tentatively  decided 
that  CALEA  also  applies  to  “managed” 
VoIP  or  instant-messaging  services.  At 
the  same  time,  the  commission  tenta¬ 
tively  decided  that  it  would  not  need  to 


FCC  chooses 
middle  road  on 
'Net  wiretapping 

identify  future  services  and  entities  that 
also  would  be  subject  to  CALEA  be¬ 
cause  the  final  FCC  order  will  make  it 
clear  enough. 

The  FCC  does  not  assume  it  has  all  the 
answers  and  asks  for  comments  on 
issues  such  as  the  state  of  CALEA-type 
standards  for  the  Internet  and  the  feasi¬ 
bility  of  carriers  relying  on  third  parties 
to  manage  a  carriers  CALEA  functions. 

The  FCC’s  tentative  conclusion  is  that 
CALEA  does  not  apply  to  non-moderated 
(for  example,  point-to-point)  VoIP  and  IM 
applications  or  to  non-facilities-based 
ISPs.  The  FCC  could  change  its  mind 
after  receiving  comments  or  Congress 
could  change  the  rules,  but,  at  first  pass 
and  without  much  detail,  the  decisions 
seem  as  balanced  as  one  might  hope  for. 
They  avoid  the  innovation-killing  appli¬ 
cation  pre-screening  process  and  an 
impossible-to-enforce  CALEA  extension 
to  Internet  applications  other  than  VoIP 
and  IM. 

Some  of  the  commissioners  are  worried 
the  FCC  might  be  going  beyond  the  cur¬ 
rent  law  or  that  the  conclusions  are  on 
“very  shaky  ground.”  But,  as  one  of  the 
commissioners  pointed  out,  in  the  end  it 
will  be  the  courts  (and  Congress,  then  the 
courts)  that  make  the  final  decision. 

We  are  at  an  important  stage  in  the 
evolution  of  the  Internet.  The  ’Net  can¬ 
not  be  considered  just  a  toy,  even  if 
some  telco  folk  still  think  it  is  one,  when 
law  enforcement  starts  to  see  it  as  yet 
another  observation  tool.  (But  that  is 
kind  of  a  sad  milestone.) 

Disclaimer:  At  its  age,  Harvard  has  had 
lots  of  milestones, sad  and  happy,  but  it’s 
not  “yet  another  law-enforcement  tool” 
and  the  above  opinion  is  mine. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sob.com. 


Spyware 
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blocking,  adding  the  most  effective  anti¬ 
spyware  software  he’s  seen  so  far  to  com¬ 
bat  the  worst  of  it  is  the  $25  desktop  soft¬ 
ware  SpyCop. 

Other  approaches  to  spyware  eradica¬ 
tion  include  filtering  at  least  some  of  it  out 
at  the  Internet  gateway,  according  to  some 
IT  professionals. 

Online  stock  brokerage  firm  OptionsEx- 
press  in  Chicago  blocks  signature-based 
unwanted  programs,  including  keystroke 
loggers  and  the  Gator  client,  at  the 
Internet  gateway  says  Ben  Stein,  vice  pres¬ 
ident  of  IT  infrastructure. The  firm  is  using 
StillSecure’s  Border  Guard  appliance, 
he  says. 


Claria,  which  last  October  changed  its 
name  from  Gator  and  makes  the  Gator 
application  and  other  marketing  software, 
says  it  couldn’t  have  executives  speak 
directly  to  questions  because  it  is  in  the 
“quiet  period”  before  an  IPO.  But  in  an 
e-mailed  response,  Claria  says  it  operates 
the  “world’s  largest  behavioral  ad  net¬ 
work”  and  targets  its  advertisements  to 
segments  of  its  “large,  permission-based 
audience  of  users  based  on  a  broad  range 
of  anonymously  identified  behaviors 
exhibited  across  the  Internet.” 

The  company  estimates  that  it  has  an 
audience  of  43  million  users  worldwide 
and  has  had  about  425  advertisers  use  its 
services.  Claria  rejects  the  notion  that 
Gator  disrupts  a  desktop  machine’s 
operations.  ■ 
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Level  3  snares  m^jor  IP  VPN  deal 

Sears  to  run  voice,  data,  video  over  MPLS-based  network. 


■  BY  CAROLYN  DUFFY  MARSAN 

Level  3  Communications  will  provide  IP 
VPN  services  to  Sears,  Roebuck  &  Co.  stores 
nationwide  through  a  network  outsourcing 
deal  that  telecom  experts  say  is  one  of  the 
largest  of  its  kind. 

Level  3  will  provide  its  (3)Flex  Network  IP 
VPN  services  to  Computer  Sciences  Corp. 
(CSC),  which  is  the  prime  contractor  on 
the  Sears  IT  outsourcing  arrangement. 

CSC  announced  in  June  that  it  had  won 
a  10-year,  $1.6  billion  IT  outsourcing  con¬ 
tract  from  Sears  that  includes  support  for 
desktops,  servers,  data  networks  and  Web- 
related  systems.  CSC  has  taken  over  IT  sup¬ 
port  for  more  than  2,300  Sears  stores  in  the 
U.S.  and  Canada,  and  it  has  hired  nearly 
200  of  Sears’  IT  employees.  CSC  ran  a  com¬ 
petitive  procurement  to  select  an  IP  VPN 
carrier,  and  Level  3  won  the  contract. 

“Level  3’s  technology  leadership  and 
high-quality  network  services  make  them 
an  integral  component  of  the  IT  solution 
that  CSC  will  provide  Sears,"  Don  Durbin, 
CSC  vice  president  for  Americas  Outsourc¬ 
ing, said  in  a  statement  “Level  3’s  IP  VPN  ser¬ 
vice  provides  the  [Multi-protocol  Label 
Switching] -based  network  that  will  enable 
future  network  convergence  for  Sears,  im¬ 
proving  both  network  manageability  and 
costs." 

Analysts  say  they  believe  Level  3  com¬ 
peted  against  the  leading  IP  VPN  service 


IPSec  services  on  the  wane 

Revenue  from  SSL,  MPLS  and  hybrid  MPLS-IPSec  VPN  services  will  eat 
away  at  the  current  leading  VPN  service  technology,  IPSec. 


providers  in  the  U.S. —  including  AT&T,  MCI 
and  Sprint  —  to  win  the  Sears  contract. 

“This  is  a  huge  deal  for  Level  3,”  says 
Michael  Howard,  principal  analyst  with 
Infonetics  Research.  “It’s  a  huge  commit¬ 
ment  by  a  blue-ribbon  stock  company  like 
Sears.  This  means  that  CSC  and  Sears 
absolutely  believe  that  Level  3’s  network  — 
which  is  a  very  solid  network  —  is  some¬ 
thing  they  can  bet  their  business  on  for 
years  to  come.” 

“This  is  very  good  news  for  Level  3,” 
agreed  J.PGownder,  a  senior  analyst  at  The 
Yankee  Group.  “As  a  company  that  only 


GSM  dominates  in  Europe. 


■  The  CDMA  Development  Group,  a 

wireless  trade  association,  announced 
last  week  that  10.5  million  new  cus¬ 
tomers  signed  up  for  Code  Division 
Multiple  Access  wireless  services  in  the 
second  quarter.  That  brings  the  total 
number  of  subscribers  to  212.5  million 
worldwide.  The  CDG  counts  not  only 
legacy  CDMA  users  but  also  next-gen¬ 
eration  CDMA2000  IxRTT  and  Evolu¬ 
tion-Data  Optimized  users.  The  group 
noted  that  the  majority  of  CDMA  users 
are  in  the  Americas,  where  120  million 
subscribers  use  the  service.  Asia- 
Pacific  has  88.8  million  CDMA  users, 
and  Latin  America  has  about  35  million. 


■  MCI  announced  last  week  that  it  is 
expanding  services  within  its  Metro¬ 
politan  Area  Exchange  points.  MCI  s 
MAEs  are  peering  points  on  the  Internet 
where  other  service  providers  set  up 
direct  peering  relationships  to  exchange 
traffic.  MAE  Extended  Service  lets  ser¬ 
vice  providers  and  large-business  users 
set  up  peering  agreements  with  other 
MAE  customers  even  if  they  are  not  in 
the  same  facility.  MCI  has  MAEs  in 
Chicago,  Dallas,  Los  Angeles,  New  York, 
San  Francisco  and  Washington,  D.C.The 
service  costs  $2,500  for  a  50M  bit/sec 
Gigabit  Ethernet  or  OC-3  port  or  $3,750 
for  a  75M  bit/sec  OC-12  port.  MCI  also 
charges  users  for  all  outgoing  traffic 
ranging  from  $25  to  $50  per  megabit 
depending  on  volume. 


sells  indirectly  Level  3  hasn’t  been  able  to 
demonstrate  to  the  marketplace  that  they 
can  provide  a  really  big  enterprise  with  a 
major  product  category  like  IP  VPN  ser¬ 
vices.  This  deal  shows  that  working 
through  a  channel  partner,  a  systems  inte¬ 
grator,  they  can  actualize  the  strategy  they 
put  out  there.” 

Sears  will  use  Level  3’s  (3)Flex  Network 
IP  VPN  services  to  replace  multiple  legacy 
networks  with  one  network  based  on  MPLS 
technology  Sears  will  be  able  to  run  voice, 
data  and  video  traffic  over  Level  3’s 
MPLS  converged  network. 

Howard  says  he  believes  Level  3  was 
selected  because  “their  network  is  rock 
solid,  their  IP  VPN  service  is  rock  solid  and 
their  pricing  has  to  be  good  in  order  to  lay 
in  a  10-year  contract.” 

Level  3’s  announcement  comes  just  two 
months  after  the  company  expanded  its 
(3)Flex  Network  IP  VPN  services  and  said  it 
planned  to  boost  sales  through  systems  in¬ 
tegrators  and  value-added  resellers. 

Level  3  officials  credit  their  leading-edge 
MPLS  network  as  the  main  reason  behind 
contract  wins  such  as  the  CSC/Sears  deal. 

“We  have  an  all-MPLS  network.  We  can 
provide  end-to-end  class  of  service  from 
the  customer-edge  links  across  the  back¬ 
bone.  That’s  unique” says  product  manager 
Collin  SeIlman.“We  have  the  network  and 
the  integrated  suite  of  products  that  other 
[carriers]  are  trying  to  get  to.  We  don’t 
have  any  legacy  frame  relay  switches  or 
legacy  ATM  switches.  We’re  already  at 
convergence.” 

Level  3  officials  wouldn’t  comment  on 
the  dollar  value  of  the  CSC/Sears  deal.  M 


Sprint  offers 
first  SLAs  for 
wireless 

■  BY  DENISE  PAPPALARDO 

Sprint  has  become  the  first  wireless  ser¬ 
vice  provider  to  offer  standard  perfor¬ 
mance  guarantees  with  its  voice  services. 

Last  week  the  carrier  launched  its  net¬ 
work  service-level  agreements  (SLA) 
that  promise  fewer  than  2%  of  voice 
calls  will  be  blocked  or  dropped,  and 
99.9%  network  availability  per  month. 
The  SLAs  apply  only  to  business  cus¬ 
tomer  contracts. 

“By  guaranteeing  products,  [Sprint]  is 
offering  customers  peace  of  mind,”  says 
Keith  Waryas,  research  manager  for  wire¬ 
less  business  network  services  at  IDC.'At 
least  Sprint  is  showing  customers  that  it 
will  put  its  skin  in  the  game  to  provide 
best-effort  services.” 

If  Sprint  does  not  meet  any  of  these 
guarantees,  users  will  be  credited  10%  of 
their  regular  monthly  charges. 

Waryas  says  the  average  business  user 
spends  about  $60  per  month.  He  says  a 
company  with  5,000  wireless  users  might 
spend  about  $300,000  per  month  on  wire¬ 
less  services,  meaning  those  credits 
would  amount  to  serious  money. 

To  see  if  Sprint  lived  up  to  its  SLA,  cus¬ 
tomers  have  to  go  to  a  password-protected 
Web  site  monthly  to  view  wireless  net¬ 
work  performance  metrics.  If  one  or  all 
metrics  are  missed,  the  customer  then  is 
required  to  request  a  credit.  Although  the 
guarantees  are  based  on  network-wide 
averages,  Sprint  is  not  offering  proactive 
credits  at  this  time. 

Offering  SLAs  is  “a  smart  move  for 
Sprint,”  Waryas  says.  As  Cingular  Wireless 
and  AT&T  Wireless  merge,  Sprint  will  be 
the  third-largest  wireless  provider. 

“Sprint  has  been  fairly  aggressive  in 
how  it  approaches  customers,  and  it  will 
continue  to  do  so  as  the  number  of  play¬ 
ers  drop,”  he  says. 

The  guarantees  are  automatically  avail¬ 
able  to  all  new  Sprint  customers  and 
existing  customers  renewing  contracts. 
Customers  that  have  time  remaining  on 
their  contracts  must  request  to  have  the 
SLAs  added  to  their  contracts.  ■ 
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Security  today  means  playing  ‘defense-in-depth' 


As  recently  as  three  years  ago,  if  you 
asked  IT  executives  to  describe  their 
information  security  strategies,  youd 
get  an  earful  about  “perimeter  hardening” 
(carefully  firewalling  all  points  of  the  net¬ 


work  connected  to  third  parties). The  idea 
was  that  if  you  locked  down  access  to  your 
network,  youd  automatically  protect  appli¬ 
cations,  data  and  resources. 

That  approach  worked  fine  for  a  while. 


The  reason  the  world's  leading  companies 
rely  on  Equant  for  their  global  communications 


Your  business  communications  can't  be 
left  to  chance.  Fortunately,  there's  a 
provider  with  the  track  record  to  inspire 
your  confidence.  An  innovator  with  over  5  years 
experience  using  convergence-ready  MPLS 
technology  that  powers  business  solutions 
for  over  1100  companies.  A  provider  trusted 
by  the  world's  leading  companies. 

That  provider  is  Equant. 

Seamless.  And  that  trust  doesn't  stop  at 
any  border  -  because  Equant  is  everywhere. 
With  people  in  165  offices,  a  seamless  global 
network  that  covers  220  countries  and 
territories,  and  supported  locally  in  the  local 
language.  Our  customized  communication 
solutions  can  enable  your  key  business 
processes  wherever  you  want  to  do  business  - 
including  emerging  markets  like  India  and  China. 


Stable.  What's  more,  you  can  trust  us 
to  deliver  real  results  for  business  critical  needs. 
Solid  financials  and  steady  growth,  on  both 
client  list  and  balance  sheet.  But  don't  take 
our  word  for  it;  analysts  have  praised  Equant's 
solutions  for  global  businesses  for  years. 

Demonstrating  business  value.  And  that's 
how  we'll  earn  your  trust  -  by  understanding 
your  business  before  talking  technology. 

Our  approach  is  consultative,  not  hard-sell; 
our  people  build  relationships  by  demonstrating 
business  value  with  the  more  than  80  proven 
Equant  products  and  solutions.  We'd  like 
to  start  proving  ourselves  to  you  today. 

Go  to  the  link  below  and  see  why  Equant 
is  worthy  of  your  trust. 

www.equant.com/usa 
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Creating  answers  together. 


But  anyone  who  bases  a  security  strategy 
on  perimeter  hardening  these  days  is  head¬ 
ed  for  trouble.  Most  large  organizations 
today  are  taking  an  information-protection 
strategy  known  as  "defense-in-depth"  that’s 
more  comprehensive  (but  also  more  chal¬ 
lenging)  than  previous  approaches. 

Defense-in-depth  lets  IT  executives  more 
effectively  tie  their  network  security  strate¬ 
gies  into  the  overall  organizational  “infor¬ 
mation  stewardship”  policy  As  noted  in  my 
last  column  (www.nwfusion.com,  Doc- 
Finder:  3328),  over  time  I  believe  the  disci¬ 
pline  of  information  stewardship  will  en¬ 
compass  not  only  information  manage¬ 
ment  but  security  storage  and  recovery  — 
which  makes  migrating  to  a  defense-in- 
depth  architecture  even  more  critical. 

The  fundamental  challenge?  You  can’t 
achieve  security  by  keeping  all  third  parties 
off  your  network.  That  goal  is  virtually  im¬ 
possible  to  attain:  100%  of  IT  executives  who 
participated  in  a  recent  Nemertes  security 
benchmark  said  they  granted  third  parties 
at  least  some  access  to  sensitive  resources. 

Even  if  it  were  possible,  doing  so  would 
preclude  many  critical  business  processes, 
which  require  organizations  to  be  able  to 
communicate  effectively  with  partners,  cus¬ 
tomers  and  suppliers.  The  world  is  increas¬ 
ingly  externalized,  and  any  security  strategy 
that  doesn’t  recognize  this  is  a  non-starter. 

And  as  we  all  know,  outsiders  aren’t 
always  the  bad  guys.  Insiders  commit  the 
majority  of  computer  security  breaches 
(80%,  according  to  a  CSI/FBI  2003  survey). 

To  create  an  effective  defense-in-depth 
strategy,  IT  executives  need  an  architecture 
that  intelligently  grants  permission  to  appli¬ 
cations,  data  and  resources.  Typically  this 
means  deploying  identity  management 
systems  that  recognize  the  identity  of  an 
individual  or  application  attempting  to 
gain  access  and  map  it  against  the  policy 
for  that  type  of  access.That.in  turn,  requires 
a  highly  detailed  understanding  of  what  is 
being  protected  and  from  whom. 

It’s  often  the  data  (not  applications  or  de¬ 
vices)  that’s  most  critical,  thanks  to  privacy 
and  accuracy  regulations  most  organiza¬ 
tions  must  now  comply  with.This  has  many 
implications.  Network  managers  might 
need  to  revise  encryption  strategies,  replac¬ 
ing  link-layer  encryption  (which  protects 
data  on  the  wire  but  not  in  the  system) 
with  end-to-end  encryption  that  protects 
data  from  unauthorized  access  even  by 
insiders.  Obtaining  root-level  access  to 
routers  and  servers  shouldn’t  provide 
access  to  data;  even  database  administra¬ 
tors  might  not  get  to  see  all  the  records 
that,  say  business  managers  might  see. 

Bottom  line:  Network  managers  should 
reassess  their  security  architectures  in  the 
overall  context  of  “information  steward¬ 
ship” —  and  enabling  defense-in-depth  is  a 
great  first  step. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES 
FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


■  Citrix  Online,  a  new  division  of 
Citrix  Systems  formed  when  it  ac¬ 
quired  ExpertCity,  recently  announced 
a  free  15-day  trial  of  its  new  online 
meeting  service.  GoToMeeting  offers 
screen  sharing,  integration  with 
e-mail  and  instant-messaging  applica¬ 
tions,  and  free  audio  conferencing. 
Connections  are  128-bit  Advanced 
Encryption  Standard  encrypted.  The 
service  costs  $49  per  month  or  $468 
per  year  for  unlimited  use. 

■  Half  the  firms  in  a  new  Sage 
Research  study  spend  between  $500 
and  $5,000  per  year,  per  teleworker,  on 
IT  support.  Of  the  104  firms  with  more 
than  100  employees  surveyed,  only  4% 
said  they  spend  nothing  on  telework¬ 
ers,  and  only  9%  spend  between 
$5,000  and  $10,000  per  teleworker. 
Twenty-six  percent  spend  between 
$2,500  and  $4,999,  and  26%  spend 
between  $500  and  $999. 

■  A  recent  survey  by  the  Society  for 
Human  Resource  Professionals 

of  459  HR  managers  found  employers 
have  maintained  or  slightly  increased 
most  employee  benefits.  Thirty-six 
percent  of  respondents  offer  part- 
time  telecommuting  and  19%  offer 
full-time  telecommuting,  both  up  by 
2%  from  last  year. 

■  WildBlue,  a  start-up  satellite 
broadband  provider  gearing  service  to 
rural  communities  and  small  cities 
underserved  by  DSL  and  cable, 
recently  launched  its  Telesat  Anik  F2 
satellite.  The  satellite  uses  Ku-  and 
Ka-band  transponders,  and  modems 
built  on  the  DOCSIS  standard,  which 
WildBlue  says  will  keep  equipment 
costs  low.  Service  is  expected  to 
launch  early  next  year.  Pricing  has  not 
been  released. 

li  The  International  Telework  Asso¬ 
ciation  and  Council  will  hold  its 
annual  conference  Sept.  20-21  in  Silver 
Spring,  Md.The  theme  is  "Main- 
streaming  Telework  for  Organizational 
Excellence."  Topics  include  workforce 
trends  and  an  update  on  laws  affect¬ 
ing  teleworkers. 
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Through  acquisitions  and  partner¬ 
ships ,  Check  Point  has  expanded  its 
reach  to  small  offices,  offering  secu¬ 
rity  appliances,  subscription  services 
and  consumer  software.  President 
Jerry  Ungerman  recently  talked  to 
Net.  Worker  Managing  Editor  Toni 
Kistner  about  the  needs  of  this 
growing  market. 


Check  Point  first  made  a  big  play  in  the  SOHO  market  two  years 
ago  with  the  acquisition  of  SofaWare  and  the  launch  of  a  security 
appliance.  Then  things  got  quiet  until  last  year  when  you  launched 
the  Safe@0ffice  VPN/firewall  line.  How  did  this  device  evolve  from 
the  SofaWare  device?  Is  it  the  same? 

When  we  announced  the  SofaWare  acquisition  and  prod¬ 
uct  in  January  2002,  we  wanted  our  partners  —  Nokia,  Sun, 
IBM,  Nortel  —  to  bring  it  to  market.  Over  the  next  18 
months,  Nokia  decided  to  concentrate  on  enterprise  re¬ 
mote  offices  instead,  and  the  others  didn’t  gain  enough 
traction.  So  last  summer,  we  introduced  two  new  Check 
Point-branded  product  lines  with  upgraded  hardware  and 
software.The  VPN-1  Edge  product  is  geared  to  large  VPN 
deployments,  thousands  of  offices,  and  for  small  businesses, 
the  Safe@Office  line,  which  has  four  models  suited  to  one 
to  100  users. 

Does  a  Check  Point  partner  still  build  the  hardware? 

No,Safe@Office  carries  our  brand,  and  we  have  them 
manufactured  in  Taiwan  like  everybody  else.  Small  busi¬ 
nesses  get  it  preloaded  and  already  running, easy  to  install. 

Are  you  going  after  the  SMB  market  too?  It  seems  everybody  is. 

Yes,  but  we  define  it  differently  For  1 1  years  we’ve  been  in 
the  enterprise  market;  were  in  97  of  the  Fortune  100, in  93% 
of  the  Fortune  500.  We  have  100,000  customers. Then  we 
made  a  commitment  to  go  after  the  small-  and  medium- 
businesses  markets.  But  while  some  refer  to  one  SMB  mar¬ 
ket,  we  find  there  are  significant  differences  in  the  users, 
their  capabilities,  their  needs.  So  we’ve  broken  it  down. 
Small  is  one  to  100  and  medium  is  101  to  500. 

We  have  the  same  problem  with  SMB.'  It  s  much  too  broad. 

Yes, the  markets  too  diverse. And  we  know  there’s  a  big 
difference  between  a  five- and  100-person  company;  we 
still  need  to  break  small  businesses  further  into  segments. 

How  exactly  do  you  define  them? 

By  the  number  of  employees  accessing  the  Internet  and 
by  number  of  offices.  A  small  business  would  primarily 
have  one  office,  maybe  with  some  teleworkers.  A  medium 
office  would  have  up  to  three  locations  and  500  employ- 
ees.The  five-person  small  business  doesn’t  have  an  IT  per¬ 
son;  the  100-person  office  maybe  does,  but  probably  just 


one  overall  IT  application  person. The  medium  office  has 
an  IT  person  and  maybe  a  security  person. 

How  is  your  revenue  divided  among  these  markets  now? 

Of  course  enterprise  still  dominates  with  about  75%  to 
80%.The  rest  is  medium  and  small  businesses,  a  bit  more  of 
the  medium-business  market. 

What  meyor  security  threats  do  small  businesses  face  today? 

The  day  they  sign  up  for  broadband  is  the  day  they  need 
to  start  worrying.  And  many  don’t  realize  it  —  even  1  have  a 
number  of  friends  who  are  running  small  businesses  and 
I’m  amazed  by  their  lack  of  understanding. They  just  don’t 
have  the  awareness  that  the  Internet  exposes  their  business 
to  hacking  and  attacking  and  worms  and  viruses,  that  it 
can  be  damaged  and  shut  down. That  one  attack  would 
cost  far  more  than  a  $300  or  $1,000  solution  from  us,  and 
much  more  than  the  monthly  fee  for  a  managed  service. 

How  is  Check  Point  educating  small  businesses? 

Mostly  through  partnerships  with  resellers  and  broadband 
service  providers  like  AT&T.  Many  broadband  providers 
haven’t  been  aggressive  in  explaining  to  small  businesses 
that  they  need  a  security  solution  because  they  haven’t 
had  one  to  offer.  So  we  recently  partnered  with  McAfee  to 
develop  Secure-1,  which  takes  our  small-office  appliance 
with  VPN  and  firewall  and  adds  McAfee’s  anti-virus  soft¬ 
ware.  We’re  taking  it  through  the  channel  so  small  busi¬ 
nesses  can  get  it  as  a  managed  service. We  manage  it  and 
put  the  policies  in  place  and  ensure  everything’s  up  to  date 
and  protected. 

You  also  acquired  Zone  Labs  just  after  Christmas.  What  can 
small  businesses  and  consumers  expect? 

Zone  Labs  is  the  largest  provider  of  consumer-based  per¬ 
sonal  firewalls.The  company  just  recently  announced  a 
new  security  suite  that  includes  firewall,  anti-virus,  malware 
and  spyware,  available  for  download  for  small  businesses 
and  consumers. 

Does  the  new  suite  use  any  Check  Point  technology? 

No,  although  we’ll  introduce  a  product  later  this  year  that 
will  integrate  all  of  Check  Point’s  and  Zone  Labs’  technol¬ 
ogy.  It’ll  be  primarily  for  the  enterprise,  but  some  of  it  might 
get  into  the  consumer  product.  And  some  will  get  into  the 
small-business  products  for  sure. 

What  are  you  working  on  for  intrusion  detection? 

For  the  enterprise,  we  announced  InterSpect  in  January 
an  internal  security  gateway  that  deals  with  worms  and 
viruses  inside  the  network  down  to  the  actual  host. 

Will  that  capability  come  down  to  the  small  business? 

A  lot  of  it  is  already  there.  We’ll  add  more,  the  appropriate 
level  of  protection  against  worms  and  viruses  —  just  like 
the  big  guys  have  to  worry  about.® 


Network  modeling  detects  anomalies 


■  BY  JOSE  NAZARIO 

As  network  attacks  become  increasingly 
sophisticated  and  frequent,  it  has  become 
nearly  impossible  for  security  administra¬ 
tors  to  keep  pace  with  every  exploit,  worm, 
virus  and  denial-of-service  attack.  To 
address  this  issue,  new  relational  network¬ 
modeling  systems  detect  security  threats 
by  recognizing  when  network  traffic  pat¬ 
terns  vary  from  the  norm. 

Implemented  through  software,  relational 
network  modeling  analyzes  the  role  of  sys¬ 
tems  on  a  network,  examining  all  inter-host 
relationships  and  communications.  Col¬ 
lection  devices  placed  in  the  network 
monitor  traffic  directly  either  by  capturing 
raw  packets  or  from  flow  exports  built  by 
routers  and  switches. 

The  data  is  aggregated  centrally,  and  the 
relational  network-modeling  system  pro¬ 
cesses  it  to  find  the  common  patterns  of 
normal  network  traffic,  including  patterns 
for  certain  times  during  the  workweek.  By 
gathering  data  directly  from  a  network,  the 
model  system  accurately  represents  the 
network’s  behavior  from  various  obser¬ 
vation  points,  including  the  ability  to  sort 
and  graph  by  service,  client  and  server. 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


This  approach  assumes  that  hosts  gener¬ 
ally  will  have  a  set  of  behaviors  they  rarely 
drift  from  so  that,  for  example,  Web  clients 
always  will  be  Web  clients,  not  Web  servers. 
For  instance,  Host  A  is  a  client  of  Host  E 
using  the  HTTP  protocol,  but  Host  A  talks  to 
Host  D  using  the  DNS  protocol. And  Host  D 
does  not  suddenly  start  behaving  as  an 
HTTP  server  for  Host  A  under  normal 
circumstances. 

After  a  relational  network-modeling  sys¬ 
tem  gathers  data,  it  builds  a  model  that  ad¬ 
ministrators  can  use  to  define  and  enforce 
a  policy  When  deviations  from  acceptable 
use  occur  in  the  network,  security  alerts 
warn  administrators  of  the  change,  a  pro¬ 
cess  known  as  anomaly  detection. 

Administrators  can  use  relational  net¬ 
work-modeling  data  to  quickly  character¬ 
ize  a  worms  behavior  and  quarantine  traf¬ 
fic  specific  to  the  worm’s  propagation  with¬ 
out  disrupting  normal  business  traffic. 
Administrators  then  can  enforce  the  nor¬ 
mal  network  model,  using  internal  subnet 
firewalls,  router  and  switch  access  control 
list  statements,  and  virtual  LAN  ACL  state¬ 
ments  to  create  exceptions  for  previously 
accepted,  or  normal,  traffic  and  deny  all 
other  traffic.  Relational  network-modeling 
systems  helps  generate  these  ACL  state¬ 
ments  and  push  them  out  to  network  con¬ 
trol  plane  switches,  routers  and  firewalls. 

Taking  this  a  step  further,  administrators 
can  use  the  relational  network  model  to 
protect  their  networks  before  a  worm  or 
attack  infects  the  first  host.  This  is  accom¬ 
plished  by  using  the  model  generated  dur¬ 
ing  the  policy-creation  process  to  strictly 
enforce  acceptable  network  behavior.  Such 
preemptive  acts  can  be  taken  the  minute  a 
new  vulnerability  is  made  public  and 


■  HOW  IT  WORKS 


Relational  network  modeling 

Relational  network  modeling  analyzes  the  roles  of 
systems  on  a  network.  The  modeling  system  detects 
anomalies  by  recognizing  when  behavior  deviates 
from  the  norm. 


O  Relational  network¬ 
modeling  software  learns 
the  host  patterns  across  a 
network  and  creates  a 
model  of  normal  network 
behavior. 


©  A  worm  infects  a 
computer  in  the 
Sales  department 
and  begins 
propagating. 


©  The  relational  network¬ 
modeling  software  alerts 
security  administrators 
to  abnormal  traffic  and 
quarantines  it  at  the 
switch. 


o  After  the  worm  has 
been  quarantined, 
normal  traffic 
continues  to  flow 
across  the  network. 


before  hackers  write  worms  to  capitalize 
on  it. 

Detecting  anomalies  using  relational 
modeling  provides  real-time  worm  detec¬ 
tion  without  requiring  signatures  or 
advance  knowledge  of  an  attack.  Ad¬ 
ministrators  can  react  much  faster  and 
more  precisely  using  relational  network 
modeling  than  a  team  of  network  opera¬ 
tors,  who  today  must  turn  off  individual 


machines,  patch  them  when  a  signature 
update  is  available,  and  then  turn  them 
back  on.  The  result  is  networks  that  are 
made  more  secure  by  proactively  stopping 
attacks  without  disrupting  normal  business 
operations. 

Nazario  is  a  security  researcher  for  Arbor 
Networks.  He  can  be  reached  at  jose 
@arbor.net. 


Dr.  Internet 


By  Steve  Blass 


We're  revising  several  Web  sites  and  want  to 
ensure  they  meet  Web-accessibility  guidelines  and 
Section  508  standards.  Where  can  we  find  infor¬ 
mation  on  the  standards,  and  are  there  automat¬ 
ed  tools  for  evaluating  and  updating  pages  and 
sites  for  accessibility? 

The  World  Wide  Web  Consortium’s  Web  Accessi¬ 
bility  Guidelines  are  at  www.w3.org/WAI.  Informa¬ 
tion  on  federal  Section  508  standards  is  available 
at  www.section508.gov.  The  Web  Accessibility  in 


Mind  site  (www.webaim.org)  provides  links  to  free 
and  commercial  evaluation  and  repairtools.The 
site  lists  several  online  page-evaluation  services 
and  has  as  an  accessibility  toolbar  download  for 
Internet  Explorer  from  the  Australian  National 
Information  and  Library  Service,  plus  several  com¬ 
mercial  products  and  services  for  ensuring  Web 
site  accessibility.  Most  of  the  free  evaluation  tools 
produce  a  report  that  describes  the  problems  with 
your  current  page  and  provides  recommendations 
for  repairing  it.  Automated  page  revision  and 


large-scale  accessibility-compliance  project-man¬ 
agement  features  are  found  among  the  commer¬ 
cial  products.  For  example,  Dreamweaver  MX 
includes  Lift  from  Useablenet.com.  ro  niv-c!  a 
page  for  compliance  in  Dreamweaver,  choose 
Reports  from  the  Site  menu,  check  tho  Accessibil¬ 
ity  box  and  click  Run  to  generate  a  rsport. 

Blass  is  a  network  architect  at  Cha:.ge@Work  in 
Houston.  He  can  be  reached  at  ■  •  ntcrnet@charige 

atwork.com. 


The  ultra  reliable  IBM  eServer  xSeries  365  system  -  with  powerful  Intel®  Xeon™  processors  -  can  make  your  work,  and 
IT  selection  process,  easier.  With  three  levels  of  memory  protection  and  a  comprehensive  monitoring  of  key  components,  it’s 
all  about  uptime.  So  you  get  outstanding  reliability  when  running  mission-critical  ERP,  collaboration  and  database  applications. 
The  works.  Management  is  easier,  too.  You  can  have  around-the-clock  remote  access,  on  demand.  And  system  status  can  be 
available  even  when  powered  off.  For  more  on  highly  available,  manageable  xSeries  servers,  go  to  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer ™  xSeries s  systems  with  Intel  Xeon  processors. 


Scale  1-16  way  with  select 

IBM  Director  systems 
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24/7/365  optional  onsite 
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management. 
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technologies. 

hardware  support.' 
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The  easy  choice.  Dependability. 
IBM  eServer  xSeries  365  system. 


Additional  charges  apply  Standard  support  includes  next-business-day  response  in  some  countries  IBM  the  e-business  logo,  eServer,  the  eServer  logo  and  xSeries  are  trademarks  or  registered  trademarks  at  Internatiw 
Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  ot  Intel  Corporation  or  its  subsidiaries  in  the 
United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 
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A  few  tools,  a  technology  and  some  cool  software 
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Tool  1:  There  are  any  number  of  re¬ 
placements  for  the  Windows  Notepad 
text  editor,  and  while  some  of  the 
charged-for  products  are  good,  there’s  one 
we  use  that  has  great  features,  and  even 
better,  it’s  free. 

Crimson  Editor  (www.crimsoneditor. 
com)  is  not  only  a  terrific  notepad  replace¬ 
ment,  it  is  also  a  powerful,  flexible  editor 
sensitive  to  the  needs  of  programmers. 

What  we  like  about  Crimson  Editor  are 
the  interface,  which  provides  a  tab  for  each 
open  document,  the  ability  to  define  a  set 
of  files  as  a  “project”  and  automatic  color¬ 
ing  of  keywords  and  other  elements  for 
many  languages.  (You  also  can  define  your 
own  coloring  rules.)  There’s  also  a  built-in 
calculator  (fabulously  useful),  and  integra¬ 
tion  with  C/C++  compilers,  Java  2  software 
developers  kit,  the  Perl  interpreter  and  the 
LaTeX  compiler. 

You  can  execute  programs  from  within 
the  editor,  save  and  replay  keystroke 
macros,  set  Crimson  Editor  as  the  default 


source  editor  for  Internet  Explorer  and  add 
Crimson  Editor  to  the  context  (right  mouse 
button)  menu  of  Windows  Explorer.  Did  we 
mention  it  is  free?  Outstanding! 

A  technology:  Self-Monitoring,  Analysis 
and  Reporting  Technology  (SMART)  for 
hard  disk  drives.  IBM  created  the  technol¬ 
ogy  behind  SMART  —  Predictive  Failure 
Analysis  —  based  on  the  notion  that  hard¬ 
ware  failures  can  be  unpredictable  or  pre¬ 
dictable.  Unpredictable  failures  include 
things  such  as  a  chip  failing  —  something 
that  usually  happens  suddenly 

Performance  measurements  (such  as 
tracking  how  long  a  drive  takes  to  spin  up 
or  down,  the  bearing  temperature  and  the 
current  consumption  of  the  drive  motor) 
can  identify  predictable  failures  (such  as 
the  failure  of  drive  motor  bearings). 

Also  measured  are  decreasing  head  fly¬ 
ing  height  (head  crashes  obviously  come 
at  the  end  of  a  downward  trend);  increas¬ 
ing  number  of  remapped  sectors  (increas¬ 
ing  value  can  indicate  a  drive  heading 
south);  increasing  error  correction  use  and 
error  counts;  increasing  spin-up  time 
(increasing  values  indicate  potential 
motor  failure);  increasing  temperature;  and 
decreasing  data  throughput. 

Drive  manufacturers  pre-program  “ac¬ 
ceptable”  values  for  these  diagnostic  para¬ 


meters  into  drives. When  a  measured  value 
or  trend  falls  outside  of  the  acceptable 
range  an  alert  code  is  set  in  the  drive’s 
SMART  status  register  that  can  be  read  by 
diagnostic  utilities.  These  utilities  track  the 
SMART  status  data  and  raise  alerts  to  the 
PC  system  when  problems  are  detected. 

Tool  2:  SpeedFan  (www.nwfusion.com, 
DocFinder:  3329)  is  a  freeware  Windows 
9x,  ME,  NT,  2000  and  XP  program  that  mon¬ 
itors  fan  speeds,  temperatures  and  voltages 
for  motherboards  with  hardware  monitor¬ 
ing  chips,  and  can  access  and  report  on 
SMART  hard  disk  diagnostic  information. 

You  can  even  tune  the  performance  of 
fans;  track  CPU  utilization;  monitor  power- 
supply  output  voltages;  change  processor 
and  front-side  bus  clock  speeds  (not  some¬ 
thing  to  be  done  casually);  provide  a  de¬ 
tailed  report  of  SMART  parameters;  and 
graph  fan  speeds,  temperatures  and  volt- 
ages.You  have  got  to  check  this  out! 

Tool  3:  If  you  want  a  SMART  diagnostic 
tool  that  will  work  in  a  network  environ¬ 
ment,  check  out  Active  SMART  from  Ariolic 
Software  (DocFinder:  3335). 

Active  SMART  provides  comprehensive 
SMART  monitoring  and  reporting,  and  will 
display  alert  pop-ups,  send  network  mes¬ 
sages,  and  send  alerts  by  e-mail  (the  prod¬ 
uct  has  a  built-in  SMTP  client)  when  prob¬ 


lems  are  detected.  Active  SMART  is  priced 
starting  at  about  $25  per  user. 

Cool  software:  There  are  hundreds  of 
Internet  radio  stations,  many  of  them  adver¬ 
tising  and  even  DJ-free  —  check  out  a  cou¬ 
ple  of  our  favorites,  SomaFM  and  KCRW 
(DocFinders:  3330  and  3331). 

But  wouldn’t  you  like  to  make  tapes  of  In¬ 
ternet  radio  content?  The  answer  is  Station 
Ripper  (DocFinder:  3332),  a  tool  that  can 
capture  audio  from  one  or  more  simulta¬ 
neous  Shoutcast  streams. 

Shoutcast  (DocFinder:  3333)  is  a  free  dis¬ 
tributed  streaming  audio  system  from  Null- 
soft  based  on  its  also  free  Winamp  digital 
audio  player  (DocFinder:  3334), which  hun¬ 
dreds  of  Internet  broadcasters  use. 

When  Shoutcast  sends  streaming  audio 
data  it  includes  whatever  identifying  meta¬ 
data  the  station  cares  to  include,  such  as 
artist,  album  and  track  name.  Station 
Ripper  opens  a  file  and  saves  the  audio 
datastream  in  MP3  format,  adding  the 
metadata  as  MP3  IDv3  header  tags  and 
naming  the  file  using  the  same  metadata. 

How  long  until  the  Recording  Industry 
Association  of  America  gets  its  knickers  in 
a  twist  over  this? 

Cries  of  “Shhhh!  Don’t  talk  about  it!”  to 
gearhead@gibbs.  com. 


Quick  takes 
on  high-tech  toys 

By  Ke»th  Shaw 


The  scoop:  ZyAir  802.1  lg  wireless  USB  adapter  (ZyAir 
G-220),from  Zyxel, about  $100. 

What  it  does:  This  small  device,  about  the  size  of  a  stick  of 
gum,  gives  802.1  lg  wireless  LAN  (WLAN)  connectivity  to 
any  USB-enabled  computer  (Windows  98  or  above)  that 
does  not  have  a  built-in  WLAN  connection  (aka  older  com- 
puters).The  device  also  can  act  as  a  WLAN  access  point  for 
notebooks  that  already  have  an  Internet  connection. 

Why  it’s  cool:  The  access-point  ability  of  the 
adapter  is  what  intrigued  us,as  we’ve  tried  sev¬ 
eral  USB  wireless  adapters.  Basically  if 
your  computer  already  has  a 
wired  Internet  connec¬ 
tion  but  you 
want  to 


ZyAir’s  USB  adapter 
can  act  as  a  wireless 
bridge  between  computers, 
but  setup  is  cumbersome. 


share  that  connection  with  other  devices,  this  adapter  can 
act  as  a  wireless  bridge  for  the  other  devices.This  could  be 
useful  in  situations  such  as  in  a  hotel  room  where  there’s 
one  cable  but  several  notebooks  need  to  use  the  Internet. 

It’s  a  good  idea  in  theory  but  in  practice  we  found  it  some¬ 
what  difficult  to  set  up.The  client  utility  does  a  valiant  effort 
trying  to  make  this  easy  but  several  pesky  network  needs 
get  in  the  way  To  bridge  the  connection,  we  had  to  discov¬ 
er  the  IP  address  of  the  wired  connection,  then  assign  a  sta¬ 
tic  IP  address  to  the  WLAN  connection  and  make  sure  that 
the  IP  address  was  on  the  same  subnet  and  that  the  same 
gateway  was  indicated.  After  this,  we  had  to  assign  a  static 
IP  address  to  any  client  that  wanted  to  use  the  WLAN  con¬ 
nection  (we  tried  to  get  our  Dynamic  Host  Configuration 
Protocol  server  to  do  it,  but  it  never  reacted). 

Even  then,  on  our  first  attempt,  the  bridge  didn’t  work. We 
were  asked  to  download  a  new  driver  for 
Windows  2000  support,  but  the  link 
we  were  given  didn’t  work. 

So  as  a  basic  WLAN  adapter, 
the  device  works  fine.  But  the 
access-point  ability  of  the 
adapter  needs  some  software 
improvements. 

Grade:  -kirk  (out  of  five) 

The  Scoop:  Fireball  KeyFbint,  from 
RedCannon,  about  $150  for  256M 
bytes;  $300  for  512M  bytes. 

What  it  does:  The  Fireball  KeyFbint  is  a 
USB  flash  device  that  lets  mobile  workers  get  their 
work  done  securely  when  on  the  road  and  accessing  unse¬ 
cure  systems, such  as  Internet  kiosks  or  machines  not  man¬ 
aged  by  their  IT  departments.  Applications  on  the  KeyFbint 
include  a  spyware  scanner,  a  secure  Web  browser,  private 
file  storage  vault  (with  128-bit  Advanced  Encryption 
Standard  encryption), and  a  secure  e-mail  client. 

Upon  connecting  the  KeyFbint  device  to  a  computer  with 


The  Fireball  KeyPoint  USB  device 

Phelps  ease  IT  fears  of  having 
unprotected  data  on  the  Web. 


an  open 
USB  port,  the  Key¬ 
Fbint  spyware  scanner  checks 
the  system  for  any  key  loggers, Trojans, 
spyware,  adware  or  other  suspicious  programs.  If  it  finds 
something,  it  alerts  a  user.  It  doesn’t  delete  these  programs, 
but  lets  users  decide  if  they  want  to  continue. 

The  secure  browser  opens  a  Web  browser  that  stores 
cookies  and  Web  browsing  history  on  the  KeyFbint  device 
instead  of  the  local  computer;  the  e-mail  client  lets  you  ac¬ 
cess  e-mail  accounts  without  opening  Outlook  or  anything 
on  the  device.The  Vault  application  lets  you  bring  your  data 
with  you  on  the  road,  encrypting  the  files  as  well. 

Why  it’s  cool:  As  more  opportunities  come  for  mobile 
workers  to  access  corporate  networks  without  having  to 
carry  a  laptop, so  will  the  chances  for  people  to  take  advan¬ 
tage  of  that  access.  Internet  kiosks  and  other  computers 
that  are  convenient  for  workers  are  great,  but  Web  browsing 
and  e-mail  checking  have  a  way  of  leaving  leftover  data  that 
the  bad  guys  can  exploit. The  KeyFbint  device  solves  these 
issues  and  can  help  ease  IT  fears  about  having  unprotected 
data  in  the  mobile  computing  wilderness. 

Our  only  qualms  were  that  the  Web  browser  and  email 
client  were  basic.  The  browser  had  no  pop-up  blocker,  and 
the  email  client  didn’t  have  anti-spam  features,  so  mobile 
workers  who  have  those  applications  on  their  laptops  might 
be  turned  off  by  having  to  use  the  KeyFbint  versions. 

But  the  spyware  scanner  and  Vault  application  are  great, 
and  can  be  helpful  to  bring  along  with  a  laptop  to  keep 
road  warriors  safe. 

Grade:  • 


Shaw  can  be  reached  at  kshaw@nww.com. 
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»  Wanted:  Shakers  and  movers — those  who  not  only  think  outside  the  box,  but 
who  smash  it.  Juniper  Networks  helps  you  change  your  company  for  the  better. 
Installing  sophisticated  connectivity,  instilling  confidence.  So,  take  command  of 
your  network  with  increased  intelligence,  ensured  reliability  and  impenetrable 
security.  Juniper  your  net. 
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ON  TECHNOLOGY 

John  Dix 

A  matter  of  life 
and  death 

In  a  two-year  span  beginning  in  1985,  a  type  of  com¬ 
puter-controlled  radiation  therapy  machine  called  the 
Therac-25  maimed  or  killed  six  patients  by  wrongly 
delivering  massive  doses  of  radiation  (see  www.nwfusion. 
com,  Doc  Finder:  3340). 

While  an  extreme  example,  computer  problems  in 
healthcare  can  have  dire  consequences,  which  we  have 
pointed  out  in  our  string  of  stories  about  problems  apply¬ 
ing  software  patches  to  medical  systems  (see  DocFinders: 
3341,3342  and  3343). 

These  stories  have  touched  off  a  firestorm  online,  both 
in  our  own  forums  (see  DocFinder:  3344)  and  on 
Slashdot  (see  DocFinder:  3345). 

The  issue  is  a  classic  Catch-22  that  has  resulted  in  indus¬ 
try  paralysis.  Suppliers  say  they  can’t  issue  timely  software 
patches  because  extensive  evaluation  is  needed  to  ensure 
the  patches  don’t  cause  more  problems  than  they  fix,  and 
healthcare  organizations  have  to  patch  to  stay  in  compli¬ 
ance  with  HIPAA  and  other  regulations. 

The  answer  isn’t  as  simple  as  isolating  systems  from 
open  networks  or  abandoning  Windows.  Going  back  to 
the  era  where  equipment  didn’t  talk  to  anything  else  is 
out  of  the  question,  as  one  expert  posted: “The  more 
advanced  features  you  want  a  clinical  system  to  provide, 
the  more  that  system  needs  to  integrate  with  other  sys¬ 
tems.  It’s  nice  to  be  standing  by  the  patient’s  bed  and  see 
monitoring  data.  It’s  even  better  to  be  able  to  export  that 
data  to  another  system  so  it’s  more  useful  or  display  it  on 
a  Web  site  so  MDs  can  see  it.  All  of  this  requires  network¬ 
ing  capability,  and  Microsoft  (like  it  or  not)  is  considered 
a  leader  in  the  field  for  server  software.” 

Making  matters  worse,  however,  is  all  the  finger-pointing. 
Vendors  decry  hospital  security  practices,  and  hospitals 
say  vendors  don’t  get  it.  For  example:“As  a  senior  [field 
service  engineer]  with  a  large  healthcare  equipment  ven¬ 
dor,  it  never  stops  amazing  me  how  the  hospital  is  push¬ 
ing  their  lack  of  IT  security  off  on  the  vendors.” 

And  this  from  a  hospital  worker: “Vendors  don’t  know 
the  communication  requirements  of  their  own  system  or 
state  them  so  broadly  as  to  be  useless.” 

What  is  needed  is  an  ongoing  forum  on  the  subject.  But 
it  is  heartening  to  see  the  FDA  championing  the  cause  at 
conferences  like  the  Department  of  Veterans  Affairs  event 
last  week. 

As  one  poster  from  a  vendor  said: “Is  there  an  easy  solu¬ 
tion?  Yes,  allow  IT  to  patch  patient  equipment.  Is  it  a  good 
solution?  No,  I  think  it’s  dangerous  to  the  patients.” 

We  need  vendors  to  step  up,  the  FDA  to  apply  more 
pressure  to  get  this  resolved,  and  the  finger-pointing  to  be 
replaced  by  collaborative  effort. 

—  John  Dix 
Editor  in  chief 
jdix@nww.  com 


www.nwfusion.com 


opinions 


Who  will  pay? 


In  JohnaTill  Johnson’s  column  “As  for  spectrum  allo¬ 
cation?  . . .  Let’s  get  crazy”  (www.nwfusion.com,  Doc¬ 
Finder:  3323), she  suggests  that  there  be  a  tax  levied 
on  wireless  spectrum  users  “to  fund  very  low- 
income  households  who  otherwise  couldn’t  afford 
access.”  Who  would  ultimately  be  paying  for  that 
“freebie”?  The  many  subscribers  that  have  to  bal¬ 
ance  a  budget  at  home  just  to  be  able  to  afford  ac¬ 
cess?  Johnson’s  contention  that  “all  consumers 
would  have  access  to  a  plethora  of  new  services,” 
should  this  tax  be  levied,  would  never  be  realized 
because  many  of  us  would  have  to  switch  back  to 
dial-up  or  otherwise  drop  our  broadband  services. 

I’m  tired  of  so  many  of  the  “haves”  wanting  to  use 
the  “just  barely  getting  bys”  money  to  give  the  “have- 
nots”  services  that  they  might  not  appreciate  unless 
they  have  to  work  and  struggle  to  afford  them. There 
are  many  charities,  private  organizations,  public 
libraries  and  the  like  in  this  country  to  make  avail¬ 
able  all  manner  of  services  to  the  general  public 
without  more  being  requested  from  the  working 
class.  Johnson  can  “get  crazy”  using  her  own  money 
but  please,  don’t  attempt  to  take  any  more  of  mine 
just  because  I  work  long  and  hard  hours  to  earn 
enough  to  provide  a  service  to  my  family 

Russell  Stone 
Fort  Worth, Texas 


The  real  issue 


Regarding  the  story  “Users,  vendors  treating  health¬ 
care  patching  ills”  (DocFinder:  3324):  I  don’t  know 
why  the  debate  is  focused  on  patching  —  that  pro¬ 
cess  clearly  is  broken.  It  should  be  focused  on  get¬ 
ting  these  vendors  to  implement  a  host  intrusion- 
prevention  system  and  getting  the  specific  security 
profile  of  the  device  through  the  Food  and  Drug  Ad- 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


ministration  testing  in  their  labs. This  would  ensure 
they  have  done  the  research  and  validated  the 
operation  of  their  device. 

William  Bailey 
Enterprise  architect 
ProHealth  Care 
Waukesha, Wis. 

Taming  Frankensoft 

I  have  two  quibbles  with  Mark  Gibbs’  Backspin  col¬ 
umn  “Frankensoft:  The  monster  we  made”  (Doc¬ 
Finder:  3325).  First,  my  peers  and  I  have  spent  20 
years  ensuring  that  computers  met  the  availability 
and  security  requirements  of  business.  Those  same 
systems  still  are  running  (in  updated  form)  and  ser¬ 
vicing  much  of  business  today  When  the  PC  revolu¬ 
tion  happened,  we  were  the  IT  industry;  we  were  the 
best  and  the  brightest,  and  we  absolutely  did  under¬ 
stand  and  communicate  where  we  would  wind  up. 
We  were  ignored  by  people  who  had  no  experience, 
but  an  unquenchable  demand  for  less-expensive 
computing.Today  as  Gibbs  says  so  well,  we  have  got¬ 
ten  what  we  paid  for. 

My  second  quibble  involves  Gibbs’  claim  that  “if 
we  don’t  do  something  about  our  reliance  on 
Internet  Explorer  we  risk  e-commerce  becoming  a 
mess  and  corporate  Explorer-based  systems  going 
into  meltdown.”  Not  really 
The  problems  get  solved.  It  took  IBM  years  to 
solve  the  equivalent  problems  in  mainframes  in  the 
1970s  and  ’80s.  I  consult  with  many  organizations 
with  effective  security  models  that  suffer  no 
breaches,  viruses  or  worms.  Current  technology 
can  handle  the  problems  when  properly  deployed 
and  managed,  and  Microsoft  eventually  will  get  to 
the  point  where  everyone  can  enjoy  the  same  level 
of  security,  just  like  the  mainframe. 

Chris  Byrnes 
Senior  vice  president,  security 
Meta  Group 
La  Jolla,  Calif. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  3321 
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USER  VIEW 

Chuck  Yoke 


As  an  engineering  manager, one  of  my  re¬ 
sponsibilities  is  to  help  my  employees 
choose  the  appropriate  training  they 
need  to  do  their  jobs  and  enhance  their 
career  growth.  To  do  this,  I  regularly  monitor 
the  direction  network  technology  is  taking  to 
identify  needed  training. 

Interest  in  converged  networks  —  especially  VoIP  —  is  increasing. 
VoIP  has  the  potential  to  offer  more  opportunities  for  network  engi¬ 
neers;  however,  it  also  will  offer  more  challenges. 

The  key  terms  in  VoIP  are  voice  and  IP  They  go  hand  in  hand,  and 
to  take  advantage  of  the  new  opportunities  VoIP  will  bring,  network 
engineers  will  need  to  be  proficient  in  both.  Here  is  where  the  chal¬ 
lenge  lies  and  where  the  focus  of  training  should  be. 

Most  data  network  engineers  are  proficient  in  IP-based  networks.  Any 
network  engineer  who  has  even  a  modicum  of  experience  is  able  to 
understand  IP  subnets,  IP  routing  protocols  and  basic  IP  network 
design. These  items  have  become  so  commonplace  that  some  indus¬ 
try  analysts  believe  IP  network  engineering  is  on  the  verge  of  being 
commoditized. 

But  few  data  network  engineers  have  knowledge  of  voice  engineer¬ 
ing.  I  know  very  few  data  network  engineers  who  understand  Erlang 
B  and  C  calculations  and  when  to  use  them.  I  have  yet  to  meet  many 
network  engineers  who  understand  voice  trunking,  call  center  net¬ 
works,  Centrex,  PBXs  and  advanced  call  handling.  But  knowledge  of 
these  concepts  will  be  essential  to  anyone  wanting  to  take  advantage 
of  VoIP  opportunities.  PBXs  are  the  “network  servers”  of  voice  systems, 


Training  for  convergence 


Erlang  B  and  C  are  the  capacity  planning  models  of  the  voice  world, 
and  Centrex  is  the  “managed  service”  of  voice. 

Without  knowledge  of  these  technologies,  engineers  will  not  be 
able  to  design  networks  that  meet  the  standard  voice  requirements  of 
99.999%  availability,  low  latency  and  enhanced  QoS.  While  most  peo¬ 
ple  will  put  up  with  slow  response  times  on  their  data  networks  and 
the  inability  to  access  file  and  mail  servers  because  of  outages,  few 
people  will  accommodate  lack  of  dial  tone  when  they  lift  a  handset 
or  tolerate  a  call  that  has  the  “walkie-talkie”  effect  associated  with 
latency  issues. 

Voice  engineers  also  will  need  to  acquire  new  skill  sets.  Many  IT 
departments  have  excluded  the  voice  group  from  their  network  man¬ 
agement  processes.  Voice  technicians  often  are  free  to  make  changes 
to  the  PBX  as  needed  without  having  to  follow  change  management 
processes.  In  addition,  the  ability  to  provide  availability  reports,  system 
utilization  statistics  and  usage  metrics  is  not  commonplace  in  the  voice 
world.Voice  engineers  will  need  to  become  familiar  with  the  more  for¬ 
malized  processes  and  procedures  associated  with  data  networks. 

Converged  networks  will  create  the  need  for  specialized  knowledge 
that  will  elevate  the  status  of  network  engineering  to  levels  not  seen  in 
the  last  few  years.  To  capitalize  on  these  opportunities,  network  engi¬ 
neers  need  to  put  in  place  a  training  plan  to  gain  not  only  IP  skills  but 
also  the  knowledge  of  voice  technologies.  Now  where  did  I  put  my 
copy  of  Newton  s  Telecom  Dictionary? 


Network  engi¬ 
neers  need 
to  put  in  place 
a  training  plan 
to  gain  not  only 
IP  skills  but 
also  the  knowl¬ 
edge  of  voice 
technologies. 


Yoke  is  director  of  business  solutions  engineering  fora  corporate  net¬ 
work  in  Denver.  He  can  be  reached  at  ckyoke@yahoo.com. 


YANKEE  INGENUITY 

Howard  Anderson 

For  the  past  20  years,  the  way  you  and  I 
have  made  money  in  this  business  has 
been  to  pick  a  spot  at  the  edge  of  the  net¬ 
work  and  invest  —  I  in  the  private  market, you 
in  the  public  market.  Whole  industries  were 
doing  the  same  thing.  By  moving  intelligence 
to  the  head  ends  of  their  networks,  the  cable 
companies  one-upped  the  broadcasters.  Then  the  satellite  companies 
trumped  the  cable  guys  by  moving  intelligence  from  the  head  end  to 
the  consumer. 

But  what  happens  when  the  edge  of  my  network  is  the  heart  of  your 
network?  Clash  of  the  Titans.This  is  why  the  ongoing  catfight  between 
the  Creative  Guys  (read:  Hollywood)  and  the  Innovation  Nerds  (read: 
Intel  and  the  Silicon  Valley  crowd)  is  great  theater,  and  why  they  are 
spitting  and  cursing  at  each  other  and  finally  going  to  Washington  to 
ask  Mommy  Congress  to  send  the  other  guy  to  his  room. 

This  is  about  Enemies  with  a  capital  E.The  Innovation  Nerds  go  postal 
when  the  Creative  Guys  suggest  that  the  government  rein  in  technolog¬ 
ical  breakthroughs  through  legislation  such  as  the  Inducing  In¬ 
fringement  of  Copyrights  Act  of  2004,  contending  that  doing  so  stifles 
innovation. The  Creative  Guys  don’t  say  they  are  scared  witless  of  losing 
money;  they  say  that  this  bill  will  help  reduce  kiddie  porn  and  piracy 
So  where  are  we  going  to  make  money  over  the  next  10  years?  The 
future  belongs  to  those  who  can  bridge  the  gap  between  content  and 
technology.  Look  at  Steve  Jobs  —  the  iFbd  is  the  first  product  to  bridge 
hardware  and  entertainment, and  iTunes  is  the  first  service  where  both 
sides  have  something  to  gain. 

Let  me  tell  you  about  my  friend  Todd  Dagres.  He  used  to  work  for  The 
Yankee  Group  running  our  data  communications  group. Then  he  went 
to  Battery  Ventures,  where  he  made  an  ungodly  amount  of  money  by 
investing  in  the  edge  of  the  network  (River  Delta,  Qtera,  Akamai 
Technologies).  He  left  Battery  and  moved  to  Los  Angeles,  where  he  is 
looking  at  deals  that  cross  over  —  content  and  technology. 


Living  on  the  edge 


Dagres  is  on  my  board  at  YankeeTek  Ventures,  so  I  am  waiting  to  see 
what  kinds  of  deals  we  will  do  together.  Here  is  what  I  expect:  The  first 
few  will  out-and-out  suck  —  Spider-man  meets  802.16  —  but  then  the 
next  few  will  be  out-and-out  grand  slams.The  future  belongs  to  the  con¬ 
trarians.  What  most  of  the  industry  does  is  try  to  organize  according  to 
technological  bias,  but  new  hypergrowth  markets  move  across  tech¬ 
nologies,  and  that  is  where  breakthroughs  happen.  Stupendous  new 
markets  open  when  you  can  cascade  technologies.  What  would  hap¬ 
pen  if  1  could  cascade  neural  computing  with  GPS?  Or  voice  recogni¬ 
tion  with  data  mining?  You  get  the  idea. 

Hollywood  is  realizing  that  the  old  way  of  making  movies  through 
the  star  system  is  dead  —  unlike  a  real  actor,  Buzz  Lightyear  (produced 
through  the  genius  of  Silicon  Graphics)  is  a  star  his  creators  own  for¬ 
ever.  How  about  a  movie  where  you  are  Buzz’s  good  buddy  and  the  two 
of  you  fight  the  forces  of  Evil  in  an  interactive  game  where  you  have 
achieved  Level  9  against  a  team  from  China?  The  winner  will  get  a  role 
in  the  next  movie/video  game/reality  show,  plus  $5  million. This  is  the 
strange  area  where  reality  and  fiction  are  so  intermingled  that  they  are 
indistinguishable. 

That  is  where  you  are  going  to  find  me  —  hunkered  down  among  the 
crazies.  Hurry  or  you  might  be  too  late  for  this  new  industry  sector.You’ll 
know  you  are  when: 

Time  Warner/ AOL  gets  out  of  it. 

GE  gets  into  it. 

IDG  launches  a  new  magazine  to  explain  it. 

The  Harvard  Business  School  offers  two  cases  on  it. 

Two  new  trade  shows  start  up  to  sell  it. 

All  of  the  above. 

So  get  there  early! 

Anderson  is  senior  managing  director  of  YankeeTek  Ventures  and 
founder  of  The  Yankee  Group.  He  can  be  reached  at  handerson@yan- 
keetek.com. 


The  future 
belongs  to  those 
who  can  bridge 
the  gap  between 
content  and 
technology. 
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Clear  Choice  Test: 

We  tested  blade  server 
platforms  from  IBM,  HP  and 
BLX  for  raw  performance  and 
management  features.  IBM's 
BladeCenter  is  our  overall 
winner,  but  HP  and  RLX  bad 
strong  showings. 


Blade  runners 
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BY  JENNIFER  MEARS 


wo  years  ago,  United  Title  in  Westlake 
Village,  Calif.,  was  looking  for  a  load 
balancer  and  some  Web  servers  to  sup¬ 


port  a  new  e-commerce  application  it  was 
getting  ready  to  launch.  The  company  ended  \ 
up  with  a  two-fer:  a  system  from,  load-balancing 
specialist  F5  Networks  that  just  happened  to  be 
integrated  into  blade  servers  from  HP 
“We  didn’t  have  to  go  out  and  buy  a  separate  F5 


appliance,”  says  Peter  Bowman,  CIO  of  Nations 


Holding  Group,  which  owns  the  title  and  escrow 


WE’RE  SAVING  EASILY 
PROBABLY  $20,000 
YEAR.  AND  THAT’S 
ON  RACK  COST  AN 
ELECTRICITY.  THAT’S 
NOT  C00NTING 
IN  EMPLOYEE  TIME 

Peter  Bowman,  CIO,  Nations  Holding  Group 


services  firm.  “The  F5  solution  within  the  BLIOe 
[blade  servers]  allowed  us  to  create  an  environment 


.  *4  .  v. 
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for  the  eBusiness  infrastructure, and  we  didn’t  have  to 
worry  about  sizing  it  because  you  could  expand  [the 
number  of  blade  servers]  quickly” 
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Online: 

Buyer's  guide: 


Get  more  detailed 
information  on  these 
and  other  blade  server 
systems  in  our  always 
updated  online  buyer’s 
guides. 

www.nwfusion.com, 

DocFinder:  2430 


Bowman  initially  brought  in  20  blade  servers,  and  today  he  has  40  in  the  Equinix 
data  center  where  he  collocates  his  servers.  “We’re  saving  easily  probably  $20,000  a 
year,  and  that's  just  on  rack  cost  and  electricity,”  he  says.  “That’s  not  counting  sav¬ 
ings  in  employee  time.” 

United  Title  is  an  example  of  a  company  that  got  in  on  the  blade  server  movement 
early,  but  analysts  say  more  companies  now  are  turning  to  blades. 

The  slimmed-down  servers  were  introduced  in  2001  with  great  expectations: 
Blades  were  expected  to  change  the  computing  landscape.  But  that  hasn’t  come 
to  pass  —  yet.  The  slow  economy  hit  the  service  provider  market  the  blade  ven¬ 
dors  initially  targeted,  and  enterprise  customers  tightened  their  purse  strings 
and  pulled  back  from  new  technology  deployments. 

In  the  past  12  months,  however,  with  major  server  vendors  such  as  HP,  IBM  and 
Sun  squarely  behind  blade  technology  —  and  users  recognizing  the  space  savings, 
flexibility  and  scalability  benefits  —  all  that  is  beginning  to  change.  Even  Dell, 
whose  support  of  the  blade  market  has  been  cool  since  it  introduced  its  first,  and 
only,  blade  in  2002,  plans  to  release  a  new  blade  system  by  year-end. 

“The  market  is  quickly  expanding  beyond  early  adopters  in  the  high-performance 
and  technical  computing  niche  as  vendors  tap  into  their  large  installed  bases  of  cor¬ 
porate  customers,”  IDC  analysts  wrote  in  an  April  report  on  the  blade  market. 
“Vendor  expectations  for  blades  continue  to  be  extremely  positive,  and  2004  is 
shaping  up  to  be  a  pivotal  year  for  blade  adoption:  it  is  expected  that  the  market  will 
undergo  a  shift  from  early  adopters  to  more  mainstream  users.” 


Bade 


servers 


Early  adopters  of  blade  ser 
say  the  benefits  aren’t  scie 


The  research  firm  expects  the  blade  market  to  explode 
in  the  next  few  years, growing  from  about  $600  million  in 
revenue  last  year  to  nearly  $9  billion  in  2008. 

The  growing  momentum  is  already  apparent.  In  2002, 
just  39,000  blade  servers  were  shipped,  accounting  for 
less  than  1%  of  the  entire  server  market.  Last  year,  that 
number  jumped  to  185,000  shipments,  or  3.5%  of  the 
market.  IDC  expects  blade  servers  will  make  up  about 
40%  of  the  server  market  in  the  U.S.  by  2006. 

Better  integration  coming 

But  what  will  drive  this  growth?  Analysts  say  blades 
still  largely  are  relegated  to  high-performance  and  tech¬ 
nical  computing  deployments.  But  they  say  enhanced 
management  tools, virtualization  capabilities, and  better 
network  and  storage  integration  combined  with  a  grow¬ 
ing  interest  from  users  in  modular,  scale-out  computing 
—  where  multiple  smaller  boxes  are  tied  together  to  act 
as  a  single  resource  —  will  help  push  these  systems  into 
corporate  data  centers. 

United  Title’s  Bowman  says  he  uses  blades  as  a  plat¬ 
form  for  Web  server  farms  and  runs  network  monitoring 
utilities  and  management  reports.  He  says 
he’s  looking  to  move  everything  — 
including  databases  and  Exchange 


servers  —  to  blades  eventually 

First,  the  company  is  working  on  creating  a  storage- 
area  network  environment,  which  will  enable  better  vir¬ 
tualization  of  the  blades  because  of  the  networked  stor¬ 
age  capabilities,  he  says.  As  a  result,  Bowman  is  looking 
for  higher-processing  systems  and  is  considering  HP’s 
high-performance  p-class  blades. 

“Over  time,  I  expect  blades  to  largely  replace  two- 
processor  types  of  high-density  servers,”  says  Gordon 
Haff,  an  analyst  at  llluminata.  “Just  as  rack-mount  sys¬ 
tems  displaced  tower  systems  for  most  sizes  of  installa¬ 
tions,  1  see  blades  replacing  rack-mount  systems.” 

But  analysts  acknowledge  that  challenges  remain. 
Blades  still  carry  a  price  premium,  costing  about  10% 
more  than  comparable  1U  servers, according  to  Gartner, 
which  notes  that  the  more  blades  deployed,  the  better 
the  ROl.  However,  when  dozens  of  these  scaled  down 
servers  are  deployed  in  small  spaces,  cooling  needs 
become  more  demanding.  Another  issue  is  standardiza¬ 
tion;  there  are  few  standards  today  when  it  comes  to 
blade  systems. 

“Blades  have  many  more  steps  to  take  to  become  a 
stable  investment,”  says  Jane  Wright,  a  research  director 
at  Gartner. “So  much  will  change  in  the  next  few  years. 
Today,  every  vendor  has  a  different  format  and  a  differ¬ 
ent  backplane  ancf  different  management  software.This 
is  a  risky  environment  to  invest  your  beefy  business 
applications  in.” 

Wright  adds  that  blades  are  a  good  technology  to  start 


investigating  and  piloting  now,  “but  don’t  go  betting 
your  business  on  blades  at  this  point.  Wait  a  couple 
more  years.” 

Gartner  expects  blade  server  standardization  efforts  to 
pick  up  by  2006. 

Standardization  and  integration 

Vendors  are  working  in  that  direction.  IBM  and  Intel 
are  pushing  a  de  facto  standard  blade  design. Other  ven¬ 
dors  aren’t  signing  up  for  the  effort,  however.  Darrel 
Ward,  manager  for  product  server  planning  at  Dell,  says 
standards  will  be  important  but  that  Dell  isn’t  interested 
in  the  Intel/IBM  blade  project. 

“This  year  we’ll  focus  our  blades  on  standards  that 
exist  like  the  Intelligent  Platform  Management  Initiative 
and  using  industry  standard  technology  chipsets  and 
memory  drives  and  things  like  that,”  he  says. 

“Long  term,  standardization  around  I/O  and  some 
aspects  of  management,  such  as  how  a  chassis  discov¬ 
ers  the  components  that  are  in  it,  will  be  important. The 
best  example  of  a  standard  that  we’d  like  to  emulate 
with  blades  is  around  PCI,”  he  adds. 

With  standards,  customers  will  have  the  ability  to 
choose  among  vendors,  thus  driving  down  overall  costs 
Ward  says. 

Other  vendors  are  likely  to  follow  that  course.  HP 
wouldn’t  be  specific  about  its  plans  in  this  area,  but 
executives  say  that  integrating  all 
the  pieces  —  servers,  networks  and 
storage  —  is  important. 

“HP  has  a  deep  relationship  with 
Cisco,” says  Rick  Becker,  group  man¬ 
ager  blades  for  the  enterprise  stor¬ 
age  and  servers  group  at  HP  “We’re 
investigating  opportunities  of  how 
we  can  work  closer  together 
around  blades. . .  .We’ve  absolutely 
got  to  partner  with  switch  vendors 
and  enable  our  customers  to  man¬ 
age  their  networks  and  storage  in 
addition  to  their  servers.” 

David  Nelson-Gal,  vice  president 
of  N 1  Systems  at  Sun, says  users  can 
expect  enhancements  to  storage 
and  network  connectivity  available  in  Sun’s  blade 
servers  as  Sun  takes  advantage  of  virtual  switching  tech¬ 
nology  it  acquired  from  multifunction  switch  vendor 
Nauticus  Networks  and  storage  switch  maker  Pirus. 

Bowman  adds  that  integrated  network  and  storage 
connectivity  from  third-party  vendors  would  be  a  defi¬ 
nite  plus  for  his  network. 

Today,  HR  like  most  systems  vendors,  offers  integrated 
switching  capabilities,  but  requires  pass-through  boards 
or  other  approaches  to  connect  into  the  existing  net¬ 
work  infrastructure. 

Bowman  originally  bought  an  integrated  Ethernet 
switch  from  HR  but  decided  to  scrap  it  in  favor  of  a 
patch  panel  in  order  to  hook  into  his  Cisco  network 
architecture. 

“There  is  a  lot  to  be  said  for  keeping  standards  in  your 
network,”  Bowman  says.  “The  language  was  just  such  a 
barrier  when  you’re  used  to  dealing  with  Cisco’s  IOS 
and  programming.  1  definitely  think  an  integrated  Cisco 
switch  in  the  back  infrastructure  would  be  a  strong 
thing.”  Bowman  says  he  has  the  same  concerns  when  it 
comes  to  storage  connectivity. 

Integrating  network  technology  into  blades  is  the 
route  IBM  is  taking.  Earlier  this  year,  Big  Blue  announced 
that  it  had  embedded  Brocade’s  Fibre  Channel  switch 
and  Cisco’s  Intelligent  Gigabit  Ethernet  Switch  Module 
into  BladeCenter. 

No  matter  the  approach,  the  key  focus  behind  the 
deeper  integration  is  all  about  enabling  users  to  create 


a  virtual  pool  of  resources  that  can  be  managed  and 
provisioned  simply,  and  can  fit  easily  into  the  overall 
data  center  picture,  analysts  and  vendors  say.  That  will 
position  blades  to  be  a  more  critical  platform  in  any 
data  center.  That  means  blade  management  tools  will 
continue  to  be  enhanced  as  well. 

“Where  it’s  going  to  get  interesting  is  as  these  [blades] 
become  increasingly  complex,  the  management 
requirements  become  increasingly  complex  —  things 
like  virtualization,  more  in-house  tools,  and  I’d  also 
expect  to  see  [independent  software  vendors]  like 
Veritas  getting  further  into  this  space,” says  Charles  King, 
an  analyst  with  the  Sageza  Group. 

Management  matters 

Already,  management  software  is  a  key  factor  in  differ¬ 
entiating  among  the  vendors. 

It  was  RLX  Technologies’  management  tools  that 
helped  drive  7ticks  IT  Consulting  in  Chicago  to  choose 
RLX  over  HP  and  IBM.  Dan  Stivers,  CEO  at  the  company, 
which  works  with  the  financial  trading  marketplace, 
says  uptime  and  reliability  is  critical  for  his  business  and 
RLX’s  Control  Tower  software  has  let  him  move  to  blades 
sooner  than  he  thought. 

“Their  real  secret  sauce  is  their  management  software,” 
he  says. “The  time  we  save  on  the  back  end  for  system 
administration  is  tremendous.” 

Scott  Farrand,  vice  president  of  systems  engineering 
at  RLX,  says  the  next  focus  for  RLX  will  be  making  its 
management  tools  more  automated,  “so  it’s  less  labor- 
intensive.” 

For  Harry  Williams,  director  of  technology  and  systems 
at  Marist  College  in  Poughkeepsie,  N.Y,  management 
tools  that  enable  virtualization  are  critical. 

Williams  has  used  IBM  blade  servers  for  about  a  year 
to  run  distance-learning  applications.  He  likes  the  inte¬ 
grated  Cisco  switch  and  says  enhanced  management 
tools  will  make  it  even  easier  to  virtualize  the  blade 
environment  and  move  workloads  among  bladed  sys¬ 
tems.  He  says  he’s  looking  to  expand  his  use  of  blades  to 
support  grid  projects,  streaming  media  and  network 
management. 

“We  see  all  these  things  as  giving  us  significantly  more 
features  that  we’re  going  to  be  able  to  take  advantage  of 
when  it  comes  to  blades,”  he  says.  ■ 


OVER  TIME,  I  EXPECT 
BLADES  TO  LARGELY 
REPLACE  TWO-PROCES 
SOR  TYPES  OF  HIGH- 
DENSITY  SER 


Gordon  Haff,  analyst,  llluminata 


■  BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

Jamming  as  much  computing  power  into  the  smallest  possible  foot¬ 
print  is  the  goal  behind  blade  servers.We  recently  tested  three  different 
server  blade  platforms  —  HP’s  ProLiant  BL  p-Class  Blade  Enclosure, 
IBM’s  BladeCenter  and  RLX  Technologies’  600ex.  On  performance,  we 
found  the  blades  are  pretty  close  —  where  they  differ  is  in  the  compa¬ 
nies’  systems  management  applications  and  availability  options  —  but 
IBM  wins  our  Clear  Choice  Award  for  providing  management  and 
administration  that  was  a  cut  above  the  competition. 


IBM's  BladeCenter  chassis 


All  three  vendors  provided  systems  with  architectures 
that  perform  about  the  same  and  are  ready  for  heavy 
work. 

Applications  for  blade  servers  are  the  same  as  any  other 
server,  except  that  disk  and  storage  expansion  typically  is 
done  through  storage-area  networks  (SAN)  and  assoc¬ 
iated  hardware/software.  Most  often,  we’ve  found  blades 
being  used  for  discrete  applications,  such  as  a  blade  for 
mail  service,  two  or  three  blades  for  Web  services,  a  blade 
for  a  relational  database  or  CRM,  or  accounting  applica¬ 
tions.  Increasingly  clustered  blades  tackle  large  database 
warehousing  and  mining  applications,  video-rendering 
engines  and  other  computationally  intensive  applica¬ 
tions,  and  these  clusters  are  easily  managed  from  a  hard¬ 
ware  and  software  perspective  by  the  advanced  manage¬ 
ment  applications  bundled  or  optioned  for  blade  servers. 

We  installed  the  blade  servers 
in  one  of  the  network  opera- 


_  Results 


HS20  Blade 

Server,  Blade  Center  Chassis 


Company:  IBM,  www.ibm.com/ 
servers/eserver/  bladecenter 
Cost:  $9,386  as  tested.  Pros:  \ pi  CAD  PUniPt  [('')! 

Outstanding  management;  tightly  tl^HUHUIUtJ^j 
integrated  at  all  levels.  Cons:  requires  base 
Management  Module  blade  server;  noisy  airflow. 


tions  centers  (NOC)  of  nFrame,  a  large  ISP/managed  ser¬ 
vice  provider  in  Indianapolis,  which  had  the  power  and 
cooling  we  needed.  Each  vendor  sent  a  specific  configu¬ 
ration  —  a  dual-CPU  blade,  a  single  frame,  and  connec¬ 
tivity  for  a  SAN.  Dell  declined  our  invitation,  as  a  new  ver¬ 
sion  of  its  system  is  coming  out  soon,  and  Sun  declined, 
desiring  a  different  test  methodology  We  actually  asked 
for  four  blades,  but  found  in  testing  that  the  results  of  test¬ 
ing  four  blades  using  our  metrics  is  the  same  as  multiply¬ 
ing  the  results  for  one  blade  by  four. 

Performance  between  the  blades  was  close.  IBM’s  offer¬ 
ing  was  slightly  better  overall  than  HP’s  and  RLX’s, 
although  RLX’s  OpenSSL  under  Linux  took  the  computa¬ 
tional  prize  despite  a  slightly  slower  CPU  clock  than  the 
competition.  Each  vendor  also  took  advantage  of  part¬ 
ners  for  “glue”  products  in  networking  and/or  SAN  con¬ 
nectivity.  HP  used  Qlogic  Fibre  Channel  pass-through 
boards.  IBM  included  Cisco  Gigabit  Ethernet  and 
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OVERALL  RATING 

4.48 


Company:  HP,  www.hp.com.  Cost:  $21,432  (4  BL30p 
blades);  $30,628  (4BL2op  blades);  $10,610  for  blade 
enclosure,  power  and  other  equipment.  Pros:  Highly 
flexible  options;  good  overall  management;  easily 
installed  and  serviced.  Cons:  Slightly  disjointed  feel; 
needs  sewing  up. 


HPC  2800i  Blade  Server, 
RLX  System  600ex  Chassis 


OVERALL  RATING 


Company:  RLX,  www.rlx.com.  Cost:  $10,535  as  tested 
Pros:  Best  Linux  management  seen;  very  good 
performance.  Con:  Components  not  as  tightly 
integrated  as  others  overall. 


The  breakdown 

IBM 

HP 

RLX 

Management  40% 

5 

4.25 

3.75 

Performance  25% 

4.5 

4.25 

4.25 

Flexibilty/features  20% 

4.5 

5 

4 

Serviceability  15% 

4.5 

4.75 

4.25 

TOTAL  SCORE 

4.7 

d.dfl 

4 

_ _ _ 

Scoring  Key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Consistently  subpar 


Brocade  FC  switches.  And  RLX  included  Qlogic  SAN  com¬ 
ponents  for  its  blades  and  chassis. 

Performance  between  the  vendors’  blade  submissions 
also  was  close.  Because  blade  servers  are  used  a  variety 
of  applications,  we  chose  three  simple  tests  to  compare 
them:  the  number  of  Secure  Sockets  Layer  (SSL)  sessions 
that  could  be  maintained,  the  maximum  number  of  open 
TCP  connections  that  could  be  held  and  a  rudimentary 
blade  server  disk-copying  test.  IBM’s  connectivity  was 
strongest,  but  its  onboard  Integrated  Drive  Electronics 
(IDE)-based  hard  drive  was  the  slowest  of  the  three.  The 
dark  horse  RLX  HPC  2800i  blade  server  proved  a  strong 
performer.  But  the  difference  between  the  three  vendors 
was  very  small,  even  insignificant. 

The  blade  difference 

Because  blades  pack  a  lot  of  computing  power  in  a 
small  space,  chassis  electrical  current  requirements  are 
much  larger  than  equivalent  lU-rack  servers.  All  the  chas¬ 
sis  required  208V  AC  power  and  30  amps  for  each  circuit. 
Dual  (and  ideally  independently  fed  and  redundant) 
power  sources  are  the  rule  for  blades.  Blade  servers  cool 
from  front  to  back,  not  bottom  to  top,  as  is  the  norm  in 
data  center  equipment  racks.  We  had  to  switch  doors 
from  other  racks  in  the  nFrame  NOC  to  accommodate  the 
blade  chassis.  Depending  on  the  installation,  data  center 
power-distribution  requirements  and  cooling  methods  for 
blades  need  to  be  understood  before  deploying  a  blade 
chassis  and  related  components.  No  amount  of  manage¬ 
ment  control  software  will  make  redundancy  pay  if  all  the 
blades  in  a  chassis  are  fried.  Fan  noise  from  blade  servers 
is  higher  than  normal  —  and  is  made  higher  because  of 
the  need  for  front  and  back  rack  door  ventilation  holes. 
The  fan  noise  from  the  IBM  chassis  was  deafening. 

Each  vendor  was  asked  to  specify  the  opt  rating  system 
it  would  prefer  we  test  with.  IBM  and  H;;  hose  Windows 
2003  Standard  Edition,  and  RLX  chi;  e  Linux  Red  Hat. 
From  a  performance  perspective,  our  tests  showed  the 
choice  didn't  make  a  lot  of  difference  (see  graphic, 
below).  All  three  blade  servers  noted  mat  they  support 


Blade  servers 


other  operating  systems.  IBM’s  supported 
list  was  the  longest,  but  not  by  much. 

Common  to  all  the  blade  components 
we  tested  in  our  redundant  power  con¬ 
figuration  was  the  ability  for  a  blade  serv¬ 
er  to  be  hot-pulled  with  automatic  re-inte¬ 
gration  when  re-inserted  into  the  blade 
chassis.  All  the  servers  supported  Preboot 
Execution  Environment  (PXE)  boot,  and 
all  have  optional  remote  deployment 
options  for  Win  2003  editions  and  Red 
Hat  Linux  (except  RLX,  where  it’s  free 
with  RLX’s  optional  Control  Tower  XT 
management  hardware/software).  We 
tested  PxE  boot  on  all  three  blades,  and 
all  worked  as  expected.  (For  more  infor¬ 
mation,  see  How  we  did  it,  www.nwf 
usion.com,  DocFinder:  3336.) 

BladeCenter  details 

IBM’s  BladeCenter  chassis  uses  208  AC, 
and  the  unit  tested  had  power  distributed 
by  twin/redundant  208V  AC  feeds,  which 
in  turn  branched  to  four  needed  120V  AC 
connections.  Up  to  14  blades  can  be 
inserted  in  each  BladeCenter. 

A  Management  Module  blade  sits  in  Bay 
No.  1  in  the  BladeCenter  and  can  be 
accessed  via  KVM  or  HTTPS. The  module 
permits  a  view  of  all  the  members  of  the 
BladeCenter,  and  lets  them  be  queried  as 
to  state,  and  can  power  them  on  and  off. 
The  entire  BladeCenter  cannot  be  pow¬ 
ered  down  at  once  —  each  blade  must  be 
powered  down  individually  The  Manage¬ 
ment  Module  blade  frees  up  a  port  on  a 
blade  server  that  otherwise  might  be  dedi¬ 
cated  to  management. 

We  tested  the  HS20  blade,  a  two-Xeon 
CPU  blade  (IBM  also  sent  an  HS40  blade, 
a  four-Xeon  CPU  blade,  but  we  didn’t  test 
it). The  HS20  takes  up  one  slot  inside  the 
BladeCenter  chassis.  A  daughtercard 
(called  a  “mezzanine  adapter”)  is  provid¬ 
ed  to  connect  blade  servers  to  a  SAN. 
Brocade  provides  redundant  16-port  SAN 
switches  if  SAN  options  are  chosen  for  the 
blades.  Like  HP  the  IBM  blades  come  with 
an  onboard  drive,  and  two  can  be  placed 
on  the  drive  in  a  RAID  1  configuration. 
Also  like  HR  IBM  permits  an  external,  hot- 
swappable  drive  to  be  used  with  a  blade. 
This  can  be  helpful  because  a  blade  must 


be  removed  from  the  chassis  (and  there¬ 
fore  powered  off)  for  an  internal  hard 
drive  swap  to  be  made. The  external  drive 
can  be  hot-pulled  or  failed  over  to  without 
removing  a  blade  from  its  chassis.  An  IBM- 
branded  Cisco  blade  provides  either  sin¬ 
gle  or  redundant  Gigabit  Ethernet  switch¬ 
es  to  the  IBM  blade  enclosure. 

The  IBM  Director  is  the  management 
application  used  for  the  BladeCenter 
chassis  and  components.  Like  HP’s  man¬ 
agement  applications,  each  item,  includ¬ 
ing  switches,  can  be  discovered  and  man¬ 
aged  by  Director.  Managed  devices  can 
be  discovered  through  a  query  process 
and  then  populate  the  Director  GUI. 
Devices  with  Director  agent  software  can 
then  have  various  facets  examined,  or  set 
for  error  traps.  We  checked  the  trapping 
mechanism  by  watching  CPU  tempera¬ 
ture  and  utilization.  We  then  blocked  a 
specific  blade’s  airflow  and  watched  the 
CPU  temperature  climb,  until  the  blade 
shut  down  on  our  toggle.  It  took  about  4 
minutes  for  a  CPU  to  cool  down. 

The  Director  software,  where  supported 
by  Director  agents,  has  incredibly  granular 
details  about  the  blade  server.  Director 
supplements  the  functionality  of  the  man¬ 
agement  module  blade, and  Director  has  a 
superset  of  functionality  over  those  in  the 
management  module.  Director  is  the  great¬ 
est  strength  of  the  IBM  BladeCenter  and 
was  a  pleasure  to  use. 

Blading  with  HP 

We  first  tested  HP’s  blade  servers  in  May 
2003  (DocFinder:  3242).  HP  blade  server 
implementations  require  a  power  distrib¬ 
ution  subsystem  that  takes  up  three  rack- 
unit  spaces.  The  HP  blade  chassis  we 
tested  takes  up  6U.  A  smaller  version  (the 
e-class  Blade  Enclosure)  wasn’t  tested.  A 
dual  redundant  configuration  requires 
two  208V  AC  30  amp  feeds;  one  power 
distribution  unit  can  power  several  full 
blade  chassis  and/or  other  gear,  depend¬ 
ing  on  configuration.  Up  to  three  might 
be  needed  for  a  maximum  42U  configu¬ 
ration;  the  power  distribution  units  are 
connected  via  a  back-of-rack  bus.  HP  rec¬ 
ommends  208V  AC  3-phase  power,  and 
“Telco  -48VDC  power”can  be  used  in  lieu 
of  208V  AC  single  phase. 

HP  makes  several  blades  —  we  tested 
the  BL20p  G2  and  BL30p.The  BL20p  G2  is 
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specs 


HP  (BL20pG2) 
HP  (GL30p) 
IBM  (HS20) 
RLX 


SSL 

connections 

Max 

connections/sec 

Int  Disk  I/O 

622 

58,228 

23.9M  byte/sec,  RAID  1 

631 

61,883 

24.3M  byte/sec 

639 

63,404 

19.9M  byte/sec 

671 

56,315 

27.1  M  byte/sec 

CPUs 

Blades/enclosure 

Voltage 

2  3GHz  Xeon 

8 

208V  AC  X  2 

2  3GHz  Xeon 

16 

208V  AC  X  2 

2  3GHz  Xeon 

14 

208V  AC  X  4 

2  2.8GHz  Xeon 

10 

240V  AC  X  4 

full-height,  compared  with  the  half-height 
BL30p.  Both  blades  contained  dual  3GHz 
Intel  Xeon  CPUs  with  2G-bytes  of  Dynamic 
RAM  and  an  onboard  hard  drive.  Both 
blades  can  be  connected  through  op¬ 
tional  dual-channel  Fibre  Channel  boards 
to  a  SAN.  Except  for  a  slightly  better  disk 
I/O  performance  on  the  BL30p,  we  found 
the  blades  performed  identically 

The  enclosure  we  tested  contained  two 
Gigabit  Ethernet  switches,  along  with  SAN 
switches.The  GBE  switches  currently  don’t 
support  10G  Ethernet,  but  there’s  a  place 
holder  for  when  that  is  released.  Blades 
within  the  chassis  are  networked  via  the 
Gigabit  Ethernet  switches  through  the 
chassis  backplane.  We  found  the  switches 
don’t  produce  a  bottleneck.  Using  the 
switches  contributes  to  fewer  Gigabit 
Ethernet  connecting  cables. 

The  backplane  represents  perhaps  one 
of  the  few  single  points  of  failure  in  the  HP 
design,  but  all  blade  server  makers  share 
this  problem.We  found  that  it  would  be  dif¬ 
ficult  to  damage  the  backplane,  unless  it 
was  deliberate. 

HP’s  Integrated  Lights  Out  Advanced  (or 
“iLO”)  management  tool  set  is  a  well- 
known,  longtime  HP/Compaq  server  man¬ 
agement  application  that  connects  sys¬ 
tems  via  an  often-dedicated  Ethernet  port 
on  an  HP/Compaq  server.  This  feature  is 
extended  to  other  server  products  in  HP’s 
line,  so  that  an  in-  or  out-of-band  network 
monitoring  and  management  system  can 
be  put  together. There  are  no  KVM  connec¬ 
tions  to  the  servers  —  they  are  all  managed 
by  remote-control  applications  (included 
in  iLO)  via  Windows  Terminal  Services. 

Like  IBM,  HP  offers  a  rack  configuration 
application  that  produces  a  pictorial  view 
of  the  rack  and  its  components.  This  is  a 
vital  application  for  both  vendors,  as  the 
number  of  potential  options,  devices,  slots 
and  ports  that  need  to  be  tracked  can  be 
staggering. 

RLX  offers  control 

RLX  uses  three  208V  AC  10-amp  connec¬ 
tions  from  the  RLX  600ex  chassis  to  an 
optional  power-distribution  unit.  In  turn, 
the  connections  feed  the  6U  high  chassis’ 
three  power  supplies.  An  optional  RLX 
Control  Tower  XT  management  blade 
module  can  be  installed  —  we  tested  the 
blade  servers  with  this  option.  Control 
Tower  XT  is  the  best  management  inter¬ 
face  that  we’ve  seen  for  Linux,  but  it’s  an 
almost  $4,000  option,  and  also  costs  an 
extra  $199  per  managed  node.  However, 
rapid  provisioning,  a  free  feature  con¬ 
tained  in  Control  Tower  XT,  is  an  option  in 
both  the  IBM  and  HP  offerings. 

A  management  LCD  is  used  to  initially 
configure  the  RLX  600ex  chassis.  Each 
RLX  2800i  blade  starts  with  an  IP  address 
coded  to  the  slot  where  it  resides.  With 
the  Control  Tower  XT  software,  an  HTTP 
logon  is  used  to  start  Control  Tower  XT. 
Red  Hat  Linux  Advanced  Server  was 
shipped  on  the  blades  we  received  — 
this  is  done  for  free,  although  a  license 
key  must  be  subsequently  introduced  to 
the  installation. 


Control  Tower  XT  is  the  rough  equiva¬ 
lent  of  the  IBM  Management  Module  and 
Director  software, as  a  hardware/software 
combination  chassis  administrator.  It 
tracks  faults  based  on  SNMR  and  the 
Intelligent  Platform  Management  Interface 
specification.  Like  HP’s  Insight  Manager/ 
iLO  and  IBM's  Director, Control  Tower  XT  is 
used  to  administrate,  manage  and  provi¬ 
sion  HPC  2800i,  2.8-GHz  server  blades. 
RLX  blades  also  can  PXE  boot,  and  the 
process  takes  about  the  same  time  to 
load  an  operating  system  image. 

Control  Tower  XT  manages  each  blade 
and  its  chassis  characteristics.  An  initial 
loading  of  blade  server  information  is 
input  to  Control  Tower  XT  —  there’s  an 
auto-discovery  feature  that  finds  blades 
and  its  IP  addresses  automatically  Blade 
servers  talk  to  the  Control  Tower  XT  man¬ 
agement  blade  via  a  third  Ethernet  port 
on  each  blade  server  over  SSL  from  a 
Control  Tower  Blade  Agent,  which  must 
be  manually  activated  (once)  on  each 
blade  server.  The  management  network 
must  be  kept  private,  as  SNMP  monitor¬ 
ing  requires  the  use  of  the  unsecure 
“public”  community  name. 

Once  devices  are  discovered  or  descrip¬ 
tions  manually  input,  they  must  be  regis¬ 
tered  before  they  can  be  managed.  SAN 
port  management  isn’t  as  useful  as  other 
controls  offered  for  the  other  blade  servers 
tested.  SAN  connections  must  be  set  man¬ 
ually  and  both  HP’s  and  IBM’s  monitoring 
of  SAN  functionality  were  more  complete 
and  integrated  in  this  regard. 

Like  Insight  Manager/iLO  and  Director, 
Control  Tower  XT  makes  it  possible  to 
control  blades  and  components  remotely, 
once  the  devices  are  registered.  Unlike 
Insight  Manager/iLO,  users  and  groups 
can  be  entered  with  an  administrative 
class.  We  found  that  Lightweight  Directory 
Access  Protocol  user  and  group  informa¬ 
tion  can  be  successfully  used  to  import 
usernames/groups  quickly,  simply  by 
pointing  to  the  LDAP  server  with  correct 
credentials. 

The  swordsmen  clash 

HP’s  offering  provides  a  great  deal  of 
hardware  flexibility  that  in  our  opinion 
exceeds  that  of  IBM  and  RLX.  IBM’s  Blade 
Center  has  the  most  useful  and  flexible 
management  application,  IBM  Director, 
for  blade  system  deployment  in  areas 
from  large  data  centers  through  to 
remote  branches.  By  contrast,  RLX  has 
strong  management  capabilities,  but 
more  confined  hardware  flexibility  than 
IBM  and  HPWe’ve  never  seen  a  stronger 
management  package  for  Linux-based 
servers,  but,  and  the  strength  comes  at  a 
significant  price. 

All  three  are  enterprise-ready  and  all 
three  require  an  adoption  of  “their  way  of 
doing  things.”  All  three  are  enterprise-class. 

Henderson  is  managing  director  of 
ExtremeLabs  in  Indianapolis.  Ken  Miller, 
CTO  ofnFrame  of  Indianapolis,  contributed 
to  this  interview.  ExtremeLabs  would  like 
to  thank  nFrame  for  use  of  its  facilities. 
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■  BUSINESS  JUSTIFICATION 


Technology  testers 

Special  IT  teams  evaluate  new  technology,  determine  business  benefits  of  deployment. 


■  BY  PHIL  HOCHMUTH 

Changing  passwords,  swapping  out  bad  hardware  and  answering 
users’  dumb  questions  are  all  part  of  being  in  IT.  But  often  the 
reward  for  time  in  the  tech  trenches  is  a  spot  in  a  corporations  tech¬ 
nology  evaluation  group. 

Keeping  up  with  the  latest  and  greatest  IT  prod¬ 
ucts  can  be  daunting.Some  IT  shops  in  large  orga¬ 
nizations  set  up  subgroups  to  evaluate  new  prod¬ 
ucts  and  determine  the  business  value  they  might 
bring.  Other  big  firms  assemble  IT  teams  to  test 
products  in  a  specific  categorysuch  as  security  or 
open  source.  Smaller  shops  also  may  rely  on  a 
technology  evaluator  to  separate  the  wheat  from 
the  chaff. 

At  package-delivery  giant  UPS,  a  separate  Ad¬ 
vanced  Technology  Group  consists  of  about  a 
dozen  people  who  evaluate  new  hardware  and 
software  on  a  technical  level  and  business-case 
perspective. 

“We’re  looking  out  on  an  ongoing  basis  for  new 
technology’  says  John  Nallin,  vice  president  of 
information  services,  global  network  systems  and 
technology  infrastructure  at  UPS  in  Atlanta.  Key 
vendors  visit  several  times  per  year  to  lay  out  their 
product  road  maps. 

Most  technology  plans  formed  inside  UPS  come 
from  needs  of  the  business  units,  which  dispatch 
liaisons.  When  a  problem  is  identified,  IT  finds  a 
technical  solution. 

The  Advanced  Technology  Group  is  also  proac¬ 
tive,  with  members  looking  out  on  their  own  for 
new  technologies  that  might  help  the  company 
When  someone  in  the  group  identifies  a  poten¬ 
tially  useful  new  product,  an  evaluation  is  set  up, 
which  usually  lasts  four  to  eight  weeks.  During  this 
time,  the  hardware  or  software  is  tested  as  it  would 
be  used  in  real-world  deployment.  If  the  product 
has  technical  merit,  the  group  considers  whether 
it  would  be  cost-effective  to  deploy  and  the  ROI. 

At  this  stage, “we’re  looking  into  everything  that 
is  required  —  how  many  locations  would  need 
this  technology,  what  that  would  cost,”  Nallin  says. 

“Understanding  the  cost  is  very  important  in  tech¬ 
nology  evaluation.” 

The  team  has  found  some  great  products  that 
have  reduced  UPS’  costs  and  boosted  productivi¬ 
ty,  but  there  have  been  some  misses,  too. 

Nallin  points  to  a  compression  technology  that  was  deployed  in  the  company’s  data  cen¬ 
ter  a  few  years  ago.“It  ended  up  costing  more  to  run  the  compression  than  it  would  have 
to  just  buy  more  [storage] he  says.“We  lost  some  money  on  that.” 

Wireless  has  been  one  of  the  Advanced  Technology  Group’s  grand  slams.“All  the  wireless 
stuff  has  been  a  huge  success,”  Nallin  says,  referring  to  successful  implementations  of  cel¬ 


lular  and  802.1 1  wireless  for  tracking  applications,  and  wireless  devices  that  UPS  delivery 
drivers  use.  “It’s  the  differentiator,  and  it’s  something  we’ve  been  pioneering  for  a  while. 
[Wireless]  is  one  of  those  technologies  that  we’ll  continue  to  tweak,  and  each  time  it  will 
give  us  something  more  than  last  time.” 

At  Hold  Brothers  On-Line  Investment  Services,  new  technology  is  essential  to  the  small 
stock  trading  firm’s  survival. The  New  York  company  uses  advanced  trading  software  and 

a  strong  network  infrastructure  to  remain  com¬ 
petitive  with  behemoths  such  as  Lehman 
Brothers  and  Merrill  Lynch. 

Chris  Lukas  kept  the  firm  on  the  IT  forefront  in 
his  former  position  as  CTO  for  emerging  tech¬ 
nologies  at  Hold  Brothers  “If  there  is  going  to  be  a 
position  such  as  mine  at  a  company  the  company 
has  to  either  be  very  receptive  to  new  technology 
or  in  a  start-up  building  mode,”  Lukas  says. 

Lukas  says  that  when  he  worked  for  Hold  Broth¬ 
ers  the  firm  actively  sought  new  technology,  a 
refreshing  change  from  past  employers. 

“With  this  industry  being  the  fastest-changing 
industry  of  all,  you  would  think  that  there  would 
be  more  people  receptive  to  new  technology’ 
Lukas  says. 

Some  of  the  largest  companies  have  the  luxury 
of  targeting  certain  technologies  that  might  have 
A  V  ■*  business  value  and  assigning  evaluators  to  track 

^  H  ^  i  w  I  t  that  sPecific  area- 

One  U.S.  auto  manufacturer  runs  an  Advanced 

Technologies  Research  Group,  which  has  a 
department  of  people  looking  at  Linux  and  open 
source  applications  to  save  money  and  replace 
proprietary  systems. 

“Being  in  the  Advanced  Technology  Research 
I  Group  gives  me  leeway  to  do  things  that  are  not 
M  L  normally  allowed,”  says  a  systems  engineer  at  the 

V  I  automaker  who  wishes  to  remain  anonymous. 

This  engineer  focuses  on  researching  open 
source  alternatives  to  mail,  file  and  print  serving.“I 
have  my  own  Linux  desktop,  and  I  run  a  dozen 
servers  of ‘non-authorized’  types  in  the  lab.” 

At  another  large  company,  a  Linux-focused 
technology  exploration  group  has  evolved  into  a 
full-fledged  IT  support  and  development  group. 
“Linux  is  one  of  those  technologies  that  provides 
that  proverbial  blank  white  sheet  of  paper,”  says 
Tim  Golden,  director  of  Linux  design  and  engi¬ 
neering  at  Bank  of  America  in  Charlotte,  N.C. 
While  initially  established  as  an  exploratory 
group,  his  team  now  distributes  packaged  Linux 
and  open  source  hardware/software  bundles  for 
various  business  units  and  offices  throughout 
the  company. The  group  is  also  the  lead  IT  team  for  evaluating  and  testing  how  applica¬ 
tions  running  on  the  bank’s  proprietary  Unix  platforms  would  port  over  to  Linux/Intel 
platforms. 

“We’ve  had  applications  running  a  70%  load  that  we  migrated  to  Linux  [servers]  in  a  lab 
and  found  that  we  could  put  an  additional  nine  applications  on  [the  box]  once  we  were 
in  production,”  Golden  says.B 
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Challenge.  Achieve  Distinction 


Norwich  Success  Story  #68 


me  to  create  an  information  assurance  ste'eri 
committee  and  an  information  secUritV^aQi 
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Modem 


Your  virtual  crash  cart 


One  Equinox  Way,  Sunrise  FL  33351,  email:  sales@equinox.com  or  for  international  customers  email:  intlsales@equinox.com. 

©  2004  Avocent  Corporation.  Equinox  and  AVWorks  are  registered  trademarks  of  Avocent  Corporation  or  its  affiliates.  All  other  marks  are  the  property  of  their  respective  owners. 
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Secure  Console  Port  Management 

Extend  Your  Reach 


For  your  free  white  paper  on 
Best  Practices  for  Secure 
Console  Port  Management  visit 

www.equinox.com/ccm4 

For  a  30-day  product  evaluation 
call  1-800-275-3500  ext.  247  or 
954-746-9000  ext.  247 


CCM  Console  Manager  features: 

■  SSH  v2/Telnet  host  ■  In/out  of  band  access 

■  Strong  authentication  ■  Point  and  click  access 

■  Offline  buffering  to  serial  consoles,  KVM 

■  SUN  break  safe  and  power* 

*  To  be  provided  in  future  upgrade  for  the  48-port  model. 


Power 

Control 


Relax  and  fix  the  problem  from  virtually  anywhere. 

When  critical  servers  or  network  equipment  malfunction, 
the  Equinox  CCM  console  manager  and  AVWorks® 
management  software  give  you  the  tools  to  securely  and 
quickly  restore  normal  functionality  from  anywhere. 


Extend  your  reach 


Available  in  8,  16 
and  48-ports. 


Linux  Server 
Unix  Server 
Windows  Server 
Router 
Switch 


Local 


Telnet 


Terminal 


Client 


CCM  Console 


Manager 


Dial  Access 
Client  or 


Network 


Serial 


SSH 

Client 


AVWorks 
Software  Client 


How  Do  you 


via  IP? 


Sentry  Gives  You  Secure  Web/I P  Based  Remote  Site  Management 
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"NEW!"  Secure  Shell  (SSHv2)  Encryption 
"NEW!"  SSLv3  Secure  Web  Browser 
“NEW!"  Active  Directory  with  LDAP 
SNMP  MIB  &  Traps 
Integrated  Secure  Modem 
True  RMS  Power  Monitoring 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers 
Fail-Safe  transfer  Switch  for  Single-Power  Supply  Servers 
Power-up  Sequencing  Prevents  Power  In-rush  Overload 
Temperature  &  Humidity  Environmental  Monitoring 
Zero  U  &  Rack-mount  Models 
1 1 0/208  VAC  Models  with  30-Amp  Power  Distribution 
NEBS  Approved  -48  VDC  Models  Available 


Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 

Server  Technology,  Inc. 

Server  Technology,  Inc.  toll  free  +1 .800.835.1 51 5 

1040  Sandhill  Drive  tel  +1.775.284.2000 

Reno,  NV  89521  fax  +1 .775.284.2065 

USA  „  . 

www.servertech.com 

sales@servertech.com 

©Server  Technology.  Inc.  Sentry  is  a  Irademark  ol  Server  Technology,  Inc 
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Still  searching  for  that  perfect 


Search  no  more 


Servers 

■  Syslog 

■  Active  Directory 
and  RADIUS 


Cyclades  elevates  today’s  KVM  solutions  with  the 
AlterPath™  KVM/net.  In  direct  response  to  feedback 
from  serving  80%  of  Fortune  100  companies, 
the  AlterPath™  KVM/net  brings  a  unique  set  of 
features  unparalleled  in  the  market  today: 


AlterPath™  KVM/net 

Enterprise  KVM  Solutions 


KVM  over  IP 

Up  to  500  ft  (CAT-5)  cabling 
Up  to  1024  servers  per  system 
Integrated  power  management  capability 
Advanced  Security  &  server-based  Authentication 


With  fifteen  years  of  networking  expertise,  only  Cyclades  can  offer  a  complete 
out-of-band  management  solution  that  connects  your  environment  today  and 
integrates  into  your  data  center  of  tomorrow. 

Call  us  now  and  put  an  end  to  your  search. 


www.cyclades.com/nw 

1.888.cyclades  ■  sales@cyclades.com 


cyclades 
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Reboot  your  Network  Equipment  via  Telnet,  Dial-Up  and  Local  Console 


Eight  (8)  Individual  Outlets 
Dual  15-Amp  Circuits 
Integrated  10-BaseT  Interface 
RS-232  Modem  and  Console  Ports 
Outlet-Specific  Password  Security 
Network  Security  Features 
Power-up  Sequencing 
Co-Location  Features 
Modem  Auto-Setup  Command  Strings 
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Network  equipment  sometimes  "locks-up”  requiring  a 
service  call  just  to  flip  the  power  switch  to  perform  a 
simple  reboot.  The  NPS  Network  Power  Switch  gives 
network  administrators  the  ability  to  perform  this 
function  from  anywhere  on  the  LAN/WAN,  or  if  the 
network  is  down,  to  simply  dial-in  from  a  standard 
external  modem  for  out-of-band  power  control. 


Individually 
Programmable 
Outlet  Plugs  (8) 


1 0Base-T  Ethernet  1 9”  Rack  Brackets 

Interface  Allow  Front,  Back,  or 

Center  Mounting 


www.wti.com 


(800)  854-7226 


Dual  15  Amp 
Power  Circuits 


By  Mark  Gibbs 
Network  World 

mm2 


Out-of-Band 
Management 


RS232 
onsole  Port 


western  telematic  incorporated  Celebrating  our  40th 
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“Keeping  the  Net.. .  Working!  ” 


UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 


•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 

•  Easy  to  expand 


jipr  Ra'ckView™ 

4  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


800  333  9343 

WWW.ROSE.COM 


ELECTRONICS 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 


Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 


Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


:U.T^?f^StaocHtt  Road 
V;,.tioustdn/'3exas  77099 

nre  ■  Vi- 

.ROS^U'S  -281  933  7673 

FiOSt  EUROPE  +  44  (0)  1264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE-' AUSTRALIA  +617  3388  1540 
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NETWORK' 

INSTRUMENTS 


One  Network  /£/  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


& 


OBSERVER 


OBSERVER 


was 


www.networkinstruments.com/nine 


©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


Custom  Management  Levels 


OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 

EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 


Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 

GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


«•■**** 


Vi  4  A 


AKE  IT  HAPPEN. 


Introducing  Observer  9 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


Test-drive  the  new  Observer  9  today  and  see  how  it  immediately 
finds  problems  you  didn't  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


— 

Stop  juggling  with 
multiple  management  tools 
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*4  Keep  IT  simple 


ManageEngine 

l[)^  OpManager 

Network,  Systems  and  Application  Management 


Take  control  of  your  network,  systems  and  application 
infrastructure  before  it  controls  you.  OpManager  provides 
integrated  management  for  IT  infrastructure. 

Move  to  integrated  management.  Try  OpManager  today... 


Available  for  Linux,  Solaris  and  Windows 


FREE 


■^dventNe£>  www.opmanager.corn  30  Day  Trial 

Download 


THE 


Salix 


GROUP 


COMPUTER  SECURITY  and 
RECORDS  PRIVACY 

including 

SABOTAGE  -  VANDALISM 
FIRE  &  THEFT 


,  Store  tapes,  D.L.T.'s,  Tk50/70  cartridges,  CD-ROM’s 
and  any  other  type  of  data  media  -  in  a  data  safe. 

-  Store  paper  documents  and  computer  media  in 

•  the  mixed  media  safes  and  files. 

_  Units  protect  valuable  records  from  fire,  water, 

*  smoke,  humidity,  sunlight,  theft  and  sabotage. 

—  All  units  are  covered  by  a  lifetime  Replacement  c*  (A  uduct 

*  Guarantee. 

A  Units  are  available  in  various  sizes  based  upon 

•  your  requirements. 

•  Leasing  from  $49  per  month  OR  ADD  TO  YOUR  EXIST; -ML.-  HARDWARE  LEASES!!! 
THE  SALIX  GROUP  •  1-800-668-9319  #  www.sdlixgroup.com 
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Instantly  Search  Gigabytes  of  Text  Across 
a  PC,  Network,  Intranet  or  Internet  Site 
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Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD  _ 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  &  PDF  while  displaying  embedded 
links,  formatting 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

dtSearch  Reviews... 

♦  “The  most  powerful  document  search  tool  on  the  market” 

—  Wired  Magazine 

Intuitive  and  austere  ...  a  superb  search  tool”  —  PC  World 

♦  “Blindingly  fast”  —  Computer  Forensics:  Incident  Response 

Essentials 

A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦  “Covers  all  data  sources  ...  powerful  Web-based  engines” 

—  eWEEK 

♦  “Searches  at  blazing  speeds”  —  Computer  Reseller  News 

Test  Center 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


Overheated? 

Plug  In 
The  Simple 
Solution. 

MovinCool  spot  air  conditioners  are 

the  answer  to  your  overheating  problems. 

Just  roll  it  in.  Plug  it  in.  Turn  it  on. 

It’s  that  simple. 

►  Up  to  60,000  Btu/h  of  cooling 
power  right  where  and  when 
you  need  it 

►  Protects  against  data  loss  and 
equipment  failure 

£■#1  in  portable  air  conditioning 
for  over  30  years 

^•The  only  portable  air 
conditioner  ETL-verified 
for  performance 

MCVINCOOL 

THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 

800-264-9573  or  visit  www.movincool.com 

©2004  DENSO  Sales  California,  Inc.  MovinCool,  SpotCool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation. 
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Climate  Monitor 

$389 


Ethernet/Web  Rack  Mounted 


Temperature 
Air  Flow 
Humidity 
Door  position 
Sound 
Light  Level 
Power 

Video  optional 
16  external  sensors 


Monitor  Multiple  Cabinets 

HTML  (no  client  needed) 
SMTP  (e-mail  alerts) 
SNMP  (MIB,  Traps) 
Graphing 
Console 


On1  Watchdogs 

See  it  working  at:  www.TTWatchdogs.com 

http://63.237.104.17  512-257-1462 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo, 
Samsonite,  Cross 
10%  discount  for  Network 
World  readers 
Enter  code  NWW2004 


Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SONICWAUL 
Security  Products! 


LIMITED  TIME  OFFER! 

-  -  . 

•  Earn  1  FREE  SonicU  e 'Training 

0 

Class  for  every  SISK  in  SonicWALL 

purchases  from  Securematics.’ 

•  New  SonicWALL  Resellers  will  receive  1  FREE 

SonicU  Electronic  Training  Course  with  purchase 

L 

of  any  Demo  Unit  .. 

-Hcttana  — yogpfr.  / 

Securematics  is  a  SonicWALL  Authorized  Distributor  &  Training  Partner 
To  sign  up  for  the  Medallion  Partner  Program,  please  contact  us. 

Call  -  888-746-6700  sales@securematics.com  www.securematics.com 
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Sr.  Application  Developer, 
Bothell.  WA:  Support,  debug, 
enhance  &  re-engineer  business 
application  w/VB  6,  SQL  Server 
7,  T-SQL  Support  end  users. 
Design,  support  &  implement 
web  application  for  accessing 
data  reports  using  MS  .NET.  MS 
ASP.NET  &  HTML;  perform  sys¬ 
tem  analysis  &  document  sys¬ 
tem  using  UML  w /  Visual  UML 
tool.  Maintain  &  enhance  data 
reports  using  Actuate  tools. 
Requ:  Bachelors  Degree  (or  for¬ 
eign  equiv.  or  equiv.  in  education 
and/or  experience)  in  Computer 
Info  Systems  +  5  yrs  exp  in  job 
offered  or  in  systems  analysis  & 
design.  Must  have  5  yrs  Visual 
Basic  exp  &  min  6  months  exp. 
using  UML.  SQL  Server,  ASP. 
HTML  &  MS  NET.  Mail  resume 
to  MDS  Pharma  Services.  Att: 
HR,  22011  30th  Dr,  SE.  Bothell, 
WA  98021. 


Las  Vegas  Gaming.  Inc.  seeks 
Software  Engineer  in  Reno,  NV 
office.  Product  develop:  re¬ 
search,  planning,  design,  cod¬ 
ing,  debugging,  testing.  Product 
maintenance:  Legacy  support, 
Version  control.  Tech  support, 
Re-engineering,  Feature  addi¬ 
tion,  training.  Work  w/  C/C++, 
JAVA,  SQL.  VISUAL  C++,  MS 
SQL  Server,  Win32  API,  Win- 
sock.  Must  have  Bachelor's  in 
Comp  Sci,  Elect  Eng,  or  related 
field.  +4  yrs  relevant  exp. 
Resume  to  Kristy,  Las  Vegas 
Gaming,  Inc.  4000  W.  Ali  Baba 
Ln.  Ste  D,  Las  Vegas,  NV 
89118. 


Sr.  Software  Engineers  needed. 
Seeking  cand  possessing  BS  or 
equiv  and  rel  work  exp.  Exp. 
must  include  1  year  working  with 
Win  32  API  and  Win  CEFA. 
Duties  include:  Design,  analyze 
requirements  and  develop  spec¬ 
ifications  for  software;  Perform 
navigation  product  development 
for  automotive  industry.  Mail 
resume,  refs  and  salary  reqs  to: 
Alpine  Electronics  Research  of 
America,  Attn:  G.  Walsh,  19145 
Gramercy  Place,  Torrance,  CA 
90501. 


Programmer  Analysts  to  ana¬ 
lyze,  design  &  maintain  web 
appls  using  Java,  J2EE,  XML, 
C,  C++,  SAP,  ABAP,  Servlets, 
EJB,  JSP,  Weblogic,  etc  under 
Windows,  Unix;  design  and  cus¬ 
tomize  user  interfaces;  develop 
reports;  work  with  JDK  to  write 
Classes  and  Methods;  docu¬ 
ment,  code,  troubleshoot  and 
test  projects.  Require;  B.S  or 
foreign  equiv  in  CS/Engg  (any 
branch)  with  2  yrs  exp  in  IT. 
competitive  salary.  F/T.  travel 
involved.  Apply  with  resume  to 
HR,  Opalsoft,  Inc.,  3150 
Almaden  Expwy  Ste  205,  San 
Jose,  CA  95118. 


Find 

dependable 

and 

experienced 
IT  professionals 
at: 

itcareers.com 


Trustek,  Inc.  Consulting  firm  is 
seeking  Software  Engr.  w/MS  & 
min.  1  yr.  exp  or  equiv.  &  Prog. 
Analyst  w/BS  &  2  yrs.  exp.  or 
equiv.  Travel/Relo  required  any¬ 
where  in  US. 

C,  C++,  NT,  UNIX,  Shell. 
Sybase,  Net  Studio,  VB.Net, 
ASP.  Net,  SQL  Server, 
JavaScript.  VBScript.  CORBA, 
HTML/DHTML,  ASP,  CSS, 
COM/DCOM,  COM+,  Crystal 
Reports.  Architecture,  Erwin, 
Developer  2K,  PL/SQL. 
SQL'Plus,  Forms,  Reports, 
Designer  2K,  Modeling,  Java, 
JSP,  XML,  XSL,  J2EE,  EJB, 
WebSphere,  WebLogic,  UML, 
Rational  Rose,  JDK,  Data¬ 
warehousing,  ETL,  OLAP, 
Informatica,  Cognos,  Brio, 
Business  Objects,  SUN,  Solaris, 
HP-UX,  Veritas,  EMC,  SAN, 
OpenView,  Oracle  Clinical, 
ClinTrial,  SAS,  FDA  regulations, 
Validations,  Oracle  Applications, 
nQuery,  PeopleTools,  People- 
Code,  PeopleSoft,  SAP  R/3, 
SapScript,  SmartScript,  IDocs, 
ALE,  EDI,  BASIS,  ABAP.  BW, 
APO,  SEM,  SCM,  ITS,  Adaytum, 
Cognos  Business  Suite. 

Applicant  should  also  have  exp. 
in  interface  w/hardware  &  soft¬ 
ware,  provide  functional  imple¬ 
mentation,  config.  train,  analyze, 
implement,  code,  test,  backup, 
install,  manage,  customize,  tun¬ 
ing,  AS-IS  study,  Internet/ 
Intranet  applications,  stored  pro¬ 
cedures,  triggers.  Create  data¬ 
base  tools,  tables,  files,  roles, 
indexes,  space  management 
and  re-organize.  Apply  w/ 
resumes  to  Attn:  Recruiter,  2 
Ethel  Road,  Suite  202-C, 
Edison,  NJ  08817. 


Senior  Developer,  AVP, 
Wachovia  Securities,  Chicago, 
IL.  Provide  direction  for  estab. 
IT  reqmts.,  tech,  architecture. 
Reqs.  BA  in  CS  or  Eng.S  4  yrs 
exp.  in  pos.  or  as  Staff 
Consultant,  Systems  Analyst  or 
Analyst/Developer.  The  4  yrs. 
must  incl.  work  w/rel.  databases, 
new  appl.  Dvlp.,  conversion  of 
specs,  into  code,  testing  &  prep, 
of  code  for  prod.  3  yrs.  must  incl. 
work  w/Oracle  &  DB2  SQL  & 
stored  procedures  in  Unix, 
PL/SQL,  SQL  Loader,  SQL  Plus, 
6  mths  of  ASP.NET  &  C#,  Shell 
Scripting  &  Autosys.  2  yrs. 
must  incl.  work  in  brokerage  ind. 
&  w/compliance  regulatory  sys¬ 
tems.  1  yr.  must  incl.  work 
w/Actuate  &  managing  dvlp.  of 
IT  projects.  M-F,  8-5.  Send  cvr. 
Itr.  resume  to  Geri  Ann 
Henderson,  Wachovia  Corp., 
401 S  Tryon  Street,  NC0958, 
Charlotte,  NC28288-0958.  No 
phone  calls. 


Software  Engineer  (Merrimack): 
Research,  design  &  dev  com¬ 
puter  software  syst  in  conjunc¬ 
tion  with  hardware  product 
development.  Consult  with  hard¬ 
ware  eng  &  other  eng  staff  to 
evaluate  interface  between 
hardware  &  software,  &  opera¬ 
tional  &  performance  require¬ 
ments  of  overall  system.  Provide 
technical  guidance  on  client  pro¬ 
jects.  Will  use  Win  NT/2000.  C, 
C++,  Java,  J2EE,  DB2, 
Websphere,  Unix,  Shell  Scripts, 
Perl,  HP-UX,  Informix,  AIX,  Silk 
performance.  Load  Runner, 
Clearcase.  IBM,  Sun  Solaris, 
XML,  sED,  AWK,  Visual  Source 
Safe,  PL/SQL,  SQL*Plus, 
Oracle,  SCCS.  RDBMS  etc 
Req'd  Masters  in  CS,  Eng,  Phy, 
Math,  or  MIS,  2  yrs  exp  in  job  or 
Prog  Analyst  or  Syst  Analyst  or 
Bach's  with  5  yrs  as  Prog 
Analyst  or  syst  analyst.  25% 
travel  req.  40  hr/wk,  mon-fri, 
9am  to  6  pm  $102  690/yr.  Send 
2  copies  of  resumes  to  Job 
Order  #  2004-110,  P.O.Box  989, 
Concord.  NH  03302-0989 


IS  ANALYST 

Resp.  for  dsgng  &  dvlpng  com¬ 
puter  progs  for  company-wide 
proprietary  data  warehouse  uti¬ 
lizing  various  Oracle-based 
applns.  Specific  job  duties  incl: 
(i)  applying  knowledge  of  Oracle 
programming  techniques  & 
comp.  Sys.  to  plan,  dvlp.  test, 
implmnt  &  document  comp, 
progs;  (ii)  evaluating  user 
requests  for  new  or  modified 
progs;  (iii)  making  site  visits  to 
gather  info.  &  to  analyze  sys. 
reqmnts;  (iv)  consulting  w/users 
to  identify  operating  procedures, 
clarify  prog,  objectives  &  lever¬ 
age  functionality  of  Oracle- 
based  dbases  to  address  critical 
rqmnts;  (v)  applying  knowledge 
of  industry  best-practices  while 
configuring  Oracle-based  dbas¬ 
es  &  dsgng  enhancements  to 
optimize  processes;  (vi)  apply¬ 
ing  knowledge  of  Java,  SQL, 
Navigator,  SAP  ABAP  &  ACTA 
computer  tools  to  support  co's 
applns;  (vii)  utilizing  Oracle, 
PL/SQL,  OWB,  OEM,  Disc¬ 
overer,  Forms,  Portal,  JDeve- 
loper  &  iAS  computer  tools  to 
ensure  high  quality  of  co's  IT 
systems;  &  (viii)  providing  back¬ 
up  support  for  Lotus  &  web 
applns.  M.S.  degree  in  Elect¬ 
rical  Engnrg  or  Comp.  Sci.  reqd 
(or  Bach,  degree  in  Comp.  Sci. 
or  Elec.  Engnrg  together  w/5  yrs 
of  progressively  resp.  exp.  in 
position  offered  or  as  a  Software 
Engnr  or  Oracle  Admin.,  will  be 
accepted  in  lieu  of  MS  degree)  + 
2  yrs  of  exp.  in  position  offered 
or  as  a  Proj.  Mgr.  or  IS 
Consultant,  Must  have  exp. 
dsgng  &  dvlpng  computer  progs 
for  data  warehousing  utilizing 
Oracle  7/8i/9i,  Oracle  Applns 
Server  OAS/iAS,  APPS  IIT, 
ABAP  as  well  as  PL/SQL  & 
Windows  NT  computer  tools.  40 
hrs/wk,  OT  as  reqd,  8  am  -  5  pm, 
$90,000/yr.  Fax  resume  to 
Michelle  Coffey  @  919-549- 
3949. 


Software  Engineer.  Design, 
Develop,  create,  and  modify 
general  computer  applications 
software  or  specialized  utility 
programs.  Analyze  user  needs 
and  develop  software  solutions. 
Analyze  and  design  databases 
within  an  application  area,  work¬ 
ing  individually  or  coordinating 
database  development  as  part 
of  a  team.  Will  use  HTML, 
Javascript,  C,  C++,  VB, 
Vbscript,  ASP.  Powerbuilder, 
Sybase,  Java,  Oracle,  PI/SQL, 
SQL  Server,  ESSbase  Hyperion, 
EIS,  EES,  Microstrategy, 
Cognos,  Business  Objects, 
Informatica,  Tivoli  Websphere, 
iplanet,  WM,  VCS,  Unix  Admin, 
Win  95/NT.Bach.  deg.  In  Comp 
Sci,  Eng(any)  MIS  w/5  years 
exp.  in  job  or  as  Prog.  Analyst, 
Systems  Administrator,  Systems 
Analyst,  40  Hrs./wk.,9-6, 

$75,067/yr.  Must  have  proof  of 
legal  authority  to  work  in  the 
United  States.  Send  your 
resume  to  the  Des  Moines 
Workforce  Development  Center, 
430  East  Grand  Avenue,  Des 
Moines,  Iowa  50309.  Please 
refer  to  Job  Order  IA1101912. 
Employer  paid  advertisement. 


Computers-lntegration 
Architects  needed.  Seeking 
cands  possessing  BS  or 
equiv.  and/or  relevant  work 
exp.  Duties  include:  Design, 
test  &  code  software  & 
Canonical  schema  for  pur¬ 
chase  order;  Work  w  / 
webMethods,  XML,  JDBC 
Adapter,  Java.  Exp.  must 
include  1  year  working  w / 
Java,  XML  and  webMethods. 
Mail  resume  &  refs  to: 
Genesis  Business  Solutions, 
Attn:  HR,  1821  Walden  Office 
Square,  #354,  Schaumburg, 
IL  60173. 


Proar/Analvst:  Plan/program 
network  and  web  appls.  for 
large  scale  LAN/WAN  networks 
in  UNIX/NT  envir.  using  TCP/IP. 
BGP/OSPF  protocols,  Cisco 
Internet  Router  (1000+).  MPLS/ 
VPN,  VSAT,  SNMP,  QOS. 
Checkpoint,  VPN,  VoIP  and 
Nokia  Firewall;  analyze  com¬ 
plex  circuit  /  networking  /  routing 
issues;  direct  network  testing 
procedures. 

DBA  Impl./upgrade/admin  Ora¬ 
cle  Appls  for  financial/service 
and  Hi  ERP/CRP  info  sys  on 
Solaris,  HP/UX,  AIX,  Compaq 
TRU64,  Unix  and  Linux;  Pre¬ 
pare  Instance  Strategy  and 
clone  instances  using  manual 
method,  Adconfig,  Adclone  and 
Rapidclone  utilities;  Perform  da¬ 
tabase  upgrading  with  version 
control  and  system  tuning  using 
DBArtisan,  Tickmark,  SQL 
Navigator, 170  systems,  PVCS, 
CVS,  DBTuner,  RingMaster, 
TOAD,  PL/SQL  Formatter;  and 
perform  backup/disaster  recov¬ 
ery. 

Busi./Analvst  Busi.  processes 
analysis/project  mgmt  in  large 
scale  Relational  Database  Sys¬ 
tems.  Convert  busi.  objectives 
into  tech,  solutions;  develop  re¬ 
source  plans  and  set  develop¬ 
ment  schedules;  develop  UAT 
plans  and  coordinate  the  entire 
UAT  phase;  establish  standards 
for  requirement  gathering,  use 
cases,  UAT  test  cases,  and  doc¬ 
umentation;  analyze  data  in 
Oracle/SQL/Mainframe  db; 
manage  development  life  cycle 
including  issues  of  production, 
manual/publication  and  future 
enhancement  applying  MS/VIS- 
IO,  TestDirector,  WinRunner, 
Rational  ClearQuest,  Rational 
Rose,  QMF,  File  Aid,  Business 
Objects,  Expert  Advisor,  and 
Siebel's  GEM;  Interface  w/off- 
shore  develop  centers. 

Progr/Analyst  and  DBA  require 
BS/BA  (or  equiv.  exp.)  in  Comp. 
Sc.,  Engr.,  MIS  or  in  a  related 
field  plus  2  yrs.  exp.;  Busi/ 
Analyst  requires  BS/BA  in  Busi. 
Adm.or  in  a  related  field  plus  1 
yr.  exp.  in  offered/related  posi¬ 
tion.  Must  be  able  to  perform  all 
duties  on  the  day  of  employ¬ 
ment.  Full-time.  Resume  to  HR 
NetEffects,  Inc.,  500  Chester¬ 
field  Ctr.,  Ste. 350,  St.  Louis,  MO 
63017.  No  Call/EOE. 


DIVISION  LEAD  WEB  DEVEL¬ 
OPER  (Lexington,  KY)  -  Design, 
develop  and  implement  image 
retrieval  services  using  ASP  and 
server-side  Java;  design  and 
support  SQL  and  MS  Access 
database;  using  independent 
discretion,  design  and  ensure 
development  and  delivery  of 
web  service  projects;  supervise 
and  assign  work  to  team  mem¬ 
bers  in  developing  and  finalizing 
projects;  coordinate  develop¬ 
ment  and  production  of  services 
with  overseas  offices;  review 
products  and  specifications  for 
department;  construct  data 
decomposition  diagrams,  pro¬ 
vide  data  flow  diagrams  and 
document  processes;  write 
codes  for  database  access  and 
modifications,  and  guide  team 
members  in  implementing 
codes;  coordinate  testing,  imple¬ 
mentation.  and  installation  of 
systems,  upgrades,  and  network 
lines;  regulate  software  usage 
and  performance,  and  ensure 
software  compliance  with  inter¬ 
nal  regulations. 

Requires  Bachelors  in  Computer 
Science  and  either  1  yr  exp  in 
job  offered  or  1  yr  exp  in  design¬ 
ing,  developing  and  implement¬ 
ing  image  retrieval  services 
using  ASP  and  server-side  Java; 
design  and  support  SQL  &  MS 
Access  databases. 

Salary  $59,940/yr,  Mon-Fri, 
8AM-5PM,  40  hrs/wk. 

Send  resume  to  Ginny  Burton 
#4224,  Department  for 
Employment  Services,  275  E. 
Main  Street  2-WA,  Frankfort, 
Kentucky  40621.  Only  persons 
with  authorization  to  work  per¬ 
manently  in  U.S.  need  apply. 
Equal  Opportunity  Employer. 


VICI 


SYSTEMS 


Reliable  Routing  for  the  Internet ™ 

SOFTWARE  ENGINEERING 
-  OPPORTUNITIES 


Routing/IP  Protocols 

Enhance  existing  routing  protocols,  i.e.,  BGP,  OSPF,  ISIS  and 
PIM,  and  implement  convergence  and  scalability  and  the 
supporting  infrastructure.  Work  on  TE  infrastructure,  including 
extensions  and  constraint-based  routing.  Work  experience  on 
systems  with  fault  tolerance,  development  of  ISIS,  OSPF  and 
GateD  required.  Requires  a  BSEE/CS  degree  or  equivalent,  3+ 
years’  experience  in  C/C++  software  development  or 
equivalent  combination  of  education/experience. 

MPLS  Protocols  and  Fast  Path 
Data  Plane  Programming 

Architecture,  design  and  develop  MPLS  LDR  RSVP  signaling 
protocols  and  CoS,  and  program  MPLS  labels  in  the  hardware 
for  the  data  plane.  Experience  in  POS  is  required.  Experience 
in  Gigabit  Ethernet  and  ATM  is  highly  desirable.  Experience  in 
characterization  of  line  card  performance  with  IP  and  MPLS 
over  POS  and  ATM  data  forwarding  traffic  is  desirable. 
Requires  a  BS  degree  in  EE/CS  and  3+  years’  experience  in 
C/C++  software  engineering  or  equivalent  combination  of 
education/experience. 

Software  Quality  Test 

Plan  and  execute  tests  for  IP  Routing/MPLS/ATM  Protocol 
software.  Develop  automated  test  scripts  in  TCL/TK  or  C. 
Expertise  with  two  or  more  of  ATM,  BGP,  ISIS,  MPLS  and 
OSPF  is  required.  Experience  testing  large  network  topologies 
and  knowledge  of  TE  or  VPN  extensions  to  routing  protocols  is 
desirable.  Requires  BS  in  EE/CS  and  3+  years’  experience  in 
the  development  or  SQA  of  routing  protocols  or  equivalent 
combination  of  education/experience.  Looking  for  1st  and  2nd 
shift  candidates. 

Applicants  must  be  presently  authorized  to  work  in  the 
U.S.  on  a  full-time  basis  without  work  visa 
sponsorship.  These  jobs  are  located  in  our  Billerica 
facility.  Relocation  assistance  is  not  available.  Email 
resume  to:  jobs@avici.com  or  fax  your  resume  to: 
(978)  964-2650,  ATTN:  JBPST  0804.  Responses  by  mail 
can  be  sent  to:  Avici  Systems,  Inc.,  Attn:  Human 
Resources,  101  Billerica  Avenue,  Building  2, 
N.  Billerica,  MA  01862.  No  phone  calls  please.  EOE 


www.avici.com 


IT  PROFESSIONALS 
Senior  Consultant 

(Glen  Mills,  Pennsylvania  and  other  locations  through  the  U.S.).  Conduct 
manufacturing  industry  client  engagements  providing  consulting  services 
in  areas  of  business  process  transformation  and  system  implementation, 
troubleshooting,  and  integrated  software  solutions  to  meet  business 
needs.  Conduct  review  and  analysis  of  client  business  processes  and 
procedures  at  organizational  and  operational  levels,  interviewing  man¬ 
agement  and  administrative  personnel  to  determine  optimal  integration  of 
business  process  reengineering  with  new  information  technologies  and 
modification  of  operational  procedures.  Propose  strategic  solutions  and 
business  process  improvements  including  benchmarking  and  design 
analysis.  Assess  projected  timetables,  project  plans,  financial  and  human 
capital  resources  and  prepare  recommendations.  Participate  in  delivery  of 
system(s),  roll-out  and  implementation  modifications  Provide  post-imple¬ 
mentation  support  and  supervise  both  technical  and  functional  staff 
Participate  in  client  development,  including  proposal  generation.  Provide 
knowledge  repository,  mentoring  and  technical  liaison  role.  Provide  cus¬ 
tomization  of  Oracle  Manufacturing  Modules  using  BOM,  INV,  MRP/SCP, 
ASCP.  WIP/OSFM,  COST  and  Configurator/Applications.  Oracle 
Developer,  Oracle  Manufacturing  and  RDBMS. 

WAGE.  $1 02,000/year 

Hours:  Monday-Friday  9:00am-5:00pm 

MINIMUM  REQUIREMENTS: 

Bachelor's  degree  or  equivalent  in  Computer  Science,  Business 
Administration.  MIS,  IS  or  a  related  field  +  3  years  exp.  in  the  jot-  offered 
or  3  years  exp.  as  a  Consultant.  Project  Manager,  Project  Lead  or  a  relat¬ 
ed  occupation.  Prior  consulting  experience  must  include  Oracle 
Manufacturing  and  configuration  and  customiza'ion  of  Oracie 
Manufacturing  Modules  using  BOM,  INV,  MRP/SCP  A.  Cp,  WIP/OSFM. 
COST  and  Configurator,  as  well  as  Oracle  Applications,  Oracie 
Developer.  Oracle  Manufacturing,  Oracle  RDBMS. 

Please  send  your  resume,  referencing  Job  Order  Number  WEB443605  to 
the:  PA  Careerlink.  FLC  Unit,  235  W  Ctiettan  Ave.  Philadelphia  ,  PA 
19144  EOE 


Nwoet604eiwiuw  i 


Computerworld  •  InfoWorld  •  Network  World  •  August  16,  2004 


w,  ■ 


ifcr-v  •. '  ■ 


IT 


careers 


IT 


careers.com 


IT  PROFESSIONALS 

Senior  Consultant,  Lead  Oracle  Applications  Database  Administrator 

(Glen  Mills,  Pennsylvania  and  other  locations  throughout  the  U.S.). 
Engage  in  capacity  planning,  installation,  upgrades,  setup,  &  administra¬ 
tion  of  production  &  development  of  Oracle  Applications  11  i  instances  & 
Oracle  9i.  8i  databases.  Build  a  high  performance  &  load  balanced  sys¬ 
tem  architecture  in  consideration  of  Global  Single  Instance  readiness. 
Assist  the  client  in  utilization  of  Oracle  Applications  by  transferring  knowl¬ 
edge.  Maintain  &  support  Oracle  11  i  (FIN,  FIRMS,  CRM,  SCM,  &  PAY). 
Build  high  perfonnance  technical  architecture  to  support  database  back¬ 
ups,  recovery,  high  availability,  &  disaster  recovery.  In  support  of  high 
availability  &  disaster  recovery,  implement  Oracle's  RMAN  system  in  con¬ 
junction  with  Tivoli  Storage  manger,  9i  RAC,  &  HP  Service  Guard. 
Implement  automated  tools  for  monitoring,  administration,  &  maintenance 
of  Oracle  Applications  using  UNIX  Shell  Scripts,  BMC  Patrol,  Kintana, 
Rapiddone  &  Autoconfig.  Utilize  Enterprise  Oracle  Application 
Architecture. 

The  wage  offered  is  $80,000  per  year.  The  work  schedule  is  Monday- 
Friday,  9:00  am  to  5:00  pm.  The  position  requires  a  Bachelor's  degree  or 
equivalent  in  Mathematics.  Computer  Science.  Information  Systems, 
Engineering  (any  type),  or  Business  Administration  +  5  years  of  experi¬ 
ence  in  the  job  offered  or  5  years  of  experience  as  a  Senior  Consultant, 
DBA  (Oracle  Applications),  or  Information  Technology  Analyst.  Employer 
regards  a  foreign  degree  as  equivalent  to  a  US  Bachelor's  degree  as 
determined  by  an  accredited  education  evaluation  service.  Related  expe¬ 
rience  must  include  Oracle  Applications  (FIN,  FIRMS,  CRM,  SCM,  &  PAY) 
Administration  and  Oracle  Database  Administration,  Enterprise  Oracle 
Application  Architecture,  High  Availability  and  Disaster  Recovery,  and  at 
least  one  year  of  Global  Single  Instance  (GSI). 

Please  send  your  resume,  referencing  Job  Order  Number  WEB443808  to 
the:  PA  CareerLink,  FLC  Unit,  235  W.  Chelten  Avenue,  Philadelphia,  PA 
19144.  EOE. 


Programmer/Analyst  needed  for 
Software  Development,  Serv¬ 
ices  &  BPO  firm  located  in  S. 
Burlington,  VT.  Job  duties 
include:  Analyze,  design  and 
develop  web-based  applications 
using  Rational  Rose,  Java,  and 
C++.  Develop  core  applications 
using  Java  and  Sun  One  appli¬ 
cation  Framework.  Use 

SunOne  Directory  Server 
(LDAP)  for  data  storage. 
Applicant  must  have  B.S. 
degree  in  computer  science, 
engineering,  math,  or  business. 
Applicant  must  also  have  2  yrs. 
exp.  in  the  job  duties  listed 
above  or  in  any  computer  relat¬ 
ed  occupation  which  must 
include  skills  listed  above. 
40hrs/wk,  8:00am-5:00pm,  Mon- 
Fri,  $70,000/yr.  Send  resumes 
to:  Job  No.  27265,  P.O.  Box 
488,  Montpelier,  VT  05601- 
0488. 

Programmer/Analyst  (position  in 
Atlanta,  GA):  Apply  knowledge 
of  network/sys.  architecture, 
integration,  design,  &  deploy¬ 
ment  to  formulate,  define, 
design,  &  maintain  network 
architectures  using  Win.  NT, 
UNIX,  OO,  Client-server,  n-tier 
environments  8  RDBMS 
(Oracle,  Sybase,  SQL,  Mums, 
Java  &  web  architecture).  Req: 
BS  or  equiv.  in  Comp.  Sci.  or 
related  w’  2  yrs.  of  exp.  in  job 
offered  or  as  a  Sys.  Analyst  or 
Software  Engg.  MS  degree  in 
Comp.  Sci  or  its  equiv.  plus  1  yr 
exp.  will  be  accepted  in  lieu  of 
Bach  deg.  plus  2  yrs.  exp.;  job 
may  require  work  at  unanticipat¬ 
ed  worksites  in  the  All..  GA 
metro  area.  Send  resume  to: 
Ihsanullah  Khokar,  Gen.  Mgr., 
Widezone  International  Co., 
6340  N.  Leavitt  St..  Chicago,  IL 
60659. 

COMPUTERS  -  SENIOR  SYST¬ 
EMS  ADMINISTRATOR  -  Finan¬ 
cial  Management  firm  seeks 
Senior  Systems  Administrator  to 
manage,  maintain  and  upgrade 
Solaris/Unix-based  network's 
central  backup  system,  including 
STK  L6000  library  with  STK 
9940B  tape  drives.  Duties  in¬ 
clude  installation/maintenance 
of  the  batch  system  PBS  and  of 
Solaris/Linux  systems;  central 
LDAP  service;  internal  company 
webservice;  central  CUPS- 
based  print  service;  user  sup¬ 
port  and  security.  Master's 
degree  in  Computer  Science  or 
Computer  Studies  and  2  years 
exp.  in  job  duties  required.  Will 
accept  candidates  with  2  years 
experience  as  Systems  Adminis¬ 
trator  of  high  speed  networks  in 
UNIX  environment.  Mail  resume 
to  RTC,  600  Route  25A,  East 
Setauket.  NY  11733,  Attn:  JR. 

Sr.  S/W  Eng.  for  Device  Driver 
Dev,  SAN,  Storage  Area  n/wk, 
NET,  OOA/D,  &  Kernel  Level 
Program,  develop  app  level  s/w 
solns  on  Windows;  d/zn  &  impl 
kernel  modules  /device  drivers 
for  Windows;  dev  func  specs  & 
d/zn  docs;  s/w  modules  in  C, 
C++  &  C#;  d/base  queries  in 
PL/SQL;  n/wk  protocols  on  Win¬ 
dows;  d/zn  &  dev  multi  threaded 
s/w  solns  on  multi-proc  platform; 
three-tier  solns  w/  GUI  &  Middle 
Tier  in  .NET;  client-server  ap- 
plns;  Windows  Services  in 
C++/C#  in  .NET;  enhance  perf 
thru  better  algos;  improve  perf  of 
low-level  kernel  subsystems; 
solns.  to  oust,  issues;  maint.  & 
bug  fixing.  MS  in  Comp  Sci  +  2 
yrs.  exp.  In  job  duties.  Specify 
Job  Code  ST  &  apply:  Unilinx 
4625  Alexander  Dr..  #  110, 
Alpharetta,  GA  30022  w/  proof  of 
perm,  w/k  authzn. 

PROGRAMMER  ANALYST 

Using  knowledge  of  steel  pro¬ 
duction  &  mfg  processes,  imple¬ 
ment  enterprise-wide  financial  & 
mfg  software  sys.  &  determine 
rqmnts  &  config.  AXIOM  soft¬ 
ware  to  dvlp  common  work 
processes  for  multiple  plant 
locations.  Must  have  4  yrs  of 
exp  as  a  Prog.  Analyst  or  Sys. 
Analyst  for  AXIOM  Implementa¬ 
tions.  Exp.  must  incl.  AXIOM 
implementations  at  multiple  in¬ 
dustrial  plant  locations.  High 
mobility  preferred.  40  hrs/wk, 
OT  as  reqd.  8  am  -  5  pm, 
$80,000/yr.  Submit  resume  to: 
Armstrong  County  CareerLink, 
Attn:  CL  Program  Supervisor. 
1270  North  Water  Street,  P.O. 
8ox  759,  Kittanning,  PA  16201- 
0759  Please  refer  to  Job  Order 
Number  WEB  443884. 

Programmer/Analyst  needed  for 
Software  Development,  Serv¬ 
ices  &  BPO  firm  located  in  S. 
Burlington,  VT.  Job  duties 
include:  Analyze,  develop, 

code,  implement  and  test  com¬ 
puter  software  applications/sys¬ 
tems  for  business  clients  located 
throughout  the  U.S.  using  C++, 
Linux  internals,  and  VHDL.  Also 
involved  in  GUI  development 
and  developing  device  drivers. 
Applicant  must  have  B.S. 
degree  in  computer  science, 
engineering,  math,  or  business. 
Applicant  must  also  have  1  yr. 
exp.  in  the  job  duties  listed 
above  or  in  any  computer  relat¬ 
ed  occupation  which  must 
includel  yr.  exp.  in  the  skills  list¬ 
ed  above.  40hrs/wk,  8:00am- 
5:00pm,  Mon-Fri,  $60,000/yr. 
Send  resumes  to:  Job  No. 
27260,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 

Software  Engineer  (2  positions) 
various  locations  -  Research, 
designs  and  develops  computer 
software  systems  in  conjunction 
with  hardware  product  develop¬ 
ment  applying  principles  and 
techniques  of  computer  science, 
engineering  and  mathematical 
analysis.  Requires  Master  or 
equivalent"  in  Computer 
Science.  Engineering  or  Math¬ 
ematics.  "Equivalent  is  a 
Bachelor  degree  plus  5  yrs  exp. 
Requires  3-5**  yrs  exp  in  job 
offered  or  3-5*  yrs  exp  as 
Programmer  Analyst,  Systems 
Analyst  or  Systems  Engineer. 
**3  yrs  exp  if  Master  or  5  yrs  exp 
if  Bachelor  degree.  Must  have 
1-yr  exp  using  Oracle  and 
PL/SQL.  5  day,  40  hr/wk, 
$75,000/yr.  Please  mail  res¬ 
umes  to  Workforce  Develop¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  refer  to 
order  number  CO5086151. 


SENIOR  CONSULTANT  -  OPEN 
SYSTEMS  -  Sr.  Cons,  to  d/zn  & 
anlys,  d/b  admin  in  DB2  UDB 
EE/EEE/ESE  7.2  &  8.1  on  AIX 
4.3.3  &  AIX5L  on  RS/6000  &  Sun 
Boxes;  Dev  bk/up  recov  strat  w/ 
Tivoli  Stor  Mgr,  Hitachi  True 
Copy;  Physical  d/zn  of  UDB  d/b, 
config  &  perf  tuning  d/b  appl; 
montr  &  trblsht  d/b  &  appln 
prblms;  d/zn,  devlp  &  implmnt  std 
scrty  model,  install  &  mntmg  in 
UDB;  maint  clnt/srvr  envir,  SY¬ 
BASE  to  DB2  d/b  conv;  d/zn 
maint  strtgy  DB2  d/b;  prvd  24x7 
sys  supp;  implt  DB2  2  Sybase 
replicn  DB2;  Info  Intgrtr  &  direct 
connect  &  UNIX  Shell  scriptng 
KORN,  PERL  &  WAP  techn.  BS 
Comp  Sci  +  2  yr  exp  job  duties 
OR  no  BS  +  5  years  exp.  In  SW 
dev.  Must  be  IBM  Certified  as  d/b 
admin  +  1  yr.  exp.  In  WAP  tech. 
Apply:  OSI.  4005  Windward  Pla¬ 
za,  #  550,  Alpharetta,  GA  30005 
w/  proof  of  perm  work  authzn. 


IfA 

Kama  Consulting  Inc. 
TOP  $$’s,  W2  or  1099 


We  are  a  fast  growing 
Consulting  company  based 
in  North  Carolina. 
Excellent  opportunities  for 
Programmers, 
Systems  Analysts,  DBAs. 

Sun  Solaris  System  Admins, 
Mercatur,  Websphere, 
ASP,  .NET,  ORACLE, 
PROGRESS,  C++,  TCP/IP 
Delphi/VB,  Windows  NT 

Send  your  resume  to 
Rod  McFadden 
Kama  Consulting 
Fax:  704-896-9660 
Email:  rod@kamaco.com 


Systems  Analysts  to  analyze, 
design,  implement  business 
processes  using  SAP,  Java,  VB, 
C,  C++,  Oracle,  PL/SQL,  etc 
under  Windows/UNIX  OS;  per¬ 
form  reqs  gathering  and  gap 
analysis;  prepare  functional, 
technical  specifications;  develop 
training  material  for  end  users 
and  coordinate  system/user 
acceptance  testing.  Require  BS 
or  foreign  equiv.  in  CS/Engg 
(any  branch)  with  2  yrs  exp  in 
above  skills,  or  MS  or  foreign 
equiv  in  one  of  the  above  fields. 
Competitive  salary,  f/t  position. 
Travel  involved.  Resumes  to 
HR,  Smartsoft  International, 
Inc.,  3965  Johns  Creek  Court, 
Suwanee,  GA  30024. 


Database  Administrator  wanted 
by  consulting  co.  in  IL  to  dvlp 
data  model  describing  data  ele¬ 
ments  &  their  usage.  Test,  cor¬ 
rect  errors  &  modify  changes  to 
prgms  or  data  base.  Review, 
estimate  time  &  cost  of  projects. 
Direct  prgmrs  &  analysts,  review 
workflow  charts  &  train  d/base 
users.  Must  have  Bach  or  equiv 
in  Comp  Sci  &  1  yr  exp  in  job 
offd.  Employer  will  accept  deg 
equivalency  based  on  combo  of 
Education,  training  or  exp  in 
tech  industry  in  lieu  of  Bach  deg. 
Respond  to:  Mr.  Mohammad  N. 
Yaqoob,  MY  Management,  1741 
S.  Ruble  St.,  Chicago,  IL  60616. 
No  calls. 


Computer  Support  & 
Research  Specialist:  Design, 
coordinate  activities  of  com¬ 
puter  systems;  formulate  info 
for  corporate  decision  mak¬ 
ing;  collect  &  analyze  data; 
train  users,  troubleshoot  all 
hardware/software  compo¬ 
nents.  Bachelors/Equivalent 
in  Comp.  Sc. /Engineering 
w/rel.  exp.  Resume  to  HR, 
Falcon  Farms,  Inc.,  2330  NW 
82nd  Avenue,  Miami,  FL 
33122. 


SYSTEMS  ANALYST,  Atlanta, 
GA.  Requires  B.S.  computer 
science  and  2  years  experi¬ 
ence.  Provide  system  analy¬ 
sis,  implementation,  mainte¬ 
nance  and  support  using  full 
life-cycle  development,  Leg¬ 
acy  and  client/server  sys¬ 
tems.  Interested  applicants 
please  submit  resume  to  Attn: 
HR  Dept.,  Information  Tech¬ 
nology  Resources,  1355 
Peachtree  St.,  NE,  Suite  110, 
Atlanta,  GA  30309. 


OH  ins.  co.  seeks  Systems 
Analyst  to  assist  in  preparing 
detailed  technical  specs,  de¬ 
sign  code,  test,  debug  docs.  & 
maintain  programs  for  auto¬ 
mated  business  systems.  Min 
req:  Bachelor’s  in  Engineer¬ 
ing  or  eqv.  &  3  mos.  in  job  or 
job  related  exp.  including: 
XML,  UML,  Visio,  VSS,  Java¬ 
Script,  SQL  server,  J2EE, 
EJB,  WSAD,  VisualAge,  Or¬ 
acle,  CFML.  Resumes  to:  JK- 
T64A135,  300  N  Commons 
Blvd.,  Mayfield  Village,  OH 
44143.  No  calls.  EOE. 
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Software  Engineer  (2  positions) 
various  locations  -  Research, 
design  and  develop  computer 
software  systems  in  conjunction 
with  hardware  product  develop¬ 
ment  applying  principles  and 
techniques  of  computer  science, 
engineering  and  mathematical 
analysis.  Requires  a  Master  or 
equivalent*  in  Computer  Scie¬ 
nce,  Engineering  or  Math¬ 
ematics.  'Equivalent  is  Bach¬ 
elors  plus  5  yrs  exp.  Must  have 
3-5"  yrs  experience  in  the  job 
offered  or  3-5  yrs  as  a  Systems 
Analyst,  Programmer  Analyst  or 
Systems  Engineer.  "Three  yrs 
exp  if  Masters  or  5-yrs  exp  if 
Bachelors.  Must  have  1-yr  exp 
using  Vignette.  5  day,  40  hr/wk, 
$100,000/yr.  Please  mail  res¬ 
umes  to  Workforce  Develop¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  refer  to 
order  number  CO5086145. 


Non-profit  S/W  org  in  SF  looking 
for  S/W  Dev  Mgr  to  hire/direct 
S/W  Release  and  QA  teams; 
install  &  administer  web  apps; 
integrate  crypt  srvcs  to  enable 
secure  storage  &  xchange  of 
information;  ensure  corp  s/w 
security  by  utilizing  s/w  dev 
methods  and  best  practices  to 
protect  against  programming 
errors  &  hacker  activity; 
enhance  s/w  dev  processes  and 
tools.  Req:  MS  or  equiv  +  3  yrs 
in  s/w  dev/mngt.  Exp  in  Irg  scale 
s/w  dev  projects;  00  s/w  dev;  C 
&  C++,  Perl,  open  source  pro¬ 
jects;  mass  market,  client/desk¬ 
top  apps  dev;  x-platform  dev  exp 
(Linus,  Mac  OS  X,  Windows); 
installing  and  managing  LXR  & 
Bonsai.  Send  res  to:  devmngr- 
job@osafoundation  .org 


Need  IT  Professionals  like 
Software  Engineers,  Prog¬ 
rammer  Analysts,  IT  Business 
Managers  for  company  based  in 
Bristol,  PA.  MS/BS  Degree  or 
equivalent  in  C.S,  CIS,  MIS, 
Engg  (any),  Math,  Phy.  /  rel  field 
and/or  rel.  work  exp.  All  posi¬ 
tions  may  involve  travel  &/or 
relocation  to  project  sites 
throughout  the  U.S.  Mail 
resumes  to  HR  at  Surya 
Systems  Inc.,  1200  New 
Rodgers  Road,  C  7A,  Bristol,  PA 
19007.  State  the  post  applied 
for. 


Time  Warner  Cable  seeks  appli¬ 
cants  for  the  position  of  OLAP 
Application/Administrator  in 
Charlotte,  NC.  Under  close 
supervision,  engage  in  moder¬ 
ately  complex  tasks  regarding 
system  and  data  administration. 
Requirements  include  bache¬ 
lor's  in  Information  Systems  or 
Computer  Science  and  working 
knowledge  of  administering 
computer  system  and  working 
knowledge  of  Cognos  Upfront/ 
Powerplay,  Informatica  ETL, 
Peoplesoft  EPM,  Tidal  and 
Onbase.  Respond  by  resume  to 
Paul  Santos,  Time  Warner 
Cable,  7910  Crescent  Executive 
Drive,  Charlotte,  NC  28217. 


Programmer/Analyst  with 
experience  in  time  and 
attendance  software  and 
biometric  timeclocks,  rela¬ 
tional  database  design  and 
implementation,  to  work  in 
various  locations  through¬ 
out  US.  Send  resume  to 
SAIC,  8301  Greensboro 
Dr.,  Mail  Stop  E  12-1, 
McLean,  VA  22102.  Attn: 
SAIC  HR.  Must  reference 
job  code  #CEL08931 2. 
EOE. 


Programmer/Analyst  needed  for 
Software  Development,  Serv¬ 
ices  8  BPO  firm  located  in  S. 
Burlington,  VT,  Job  duties 
include:  Analyze,  design  and 
develop  Forte  based  software 
applications  in  a  client/server 
environment  for  clients  located 
throughout  the  East  Coast  using 
middleware-programming 
including  Forte,  Forte  Express, 
Forte  Conductor,  Rational  Rose, 
Oracle,  and  DB2.  Applicant  must 
have  B.S.  degree  in  computer 
science,  math,  engineering  or 
business.  Applicant  must  also 
have  2  yrs.  exp.  in  the  job  duties 
listed  above  or  in  any  computer 
related  occupation  which  must 
include  skills  listed  above. 
40hrs/wk,  8:00am-5:00pm,  Mon- 
Fri,  $60,000/yr.  Send  resumes 
to:  Job  No.  27262,  P.0.  Box 
488,  Montpelier,  VT  05601- 
0488. 


Software  Engineer  (Merrimack): 
Design  &  develop,  Computer 
software  systems  using  C,  C++. 
Java,  Servlets,  JSP.  JDBC,  EJB, 
AWT,  Swing,  Perl,  Shell  Scripts, 
Expect,  Rational  tools  (Clear- 
case,  Multisite,  Clearquest, 
DDTS)  administration,  SCM 
training  and  support,  Release 
engineer  (GNU  make,  cygwin, 
shell  scripting)  for  large-scale 
multi-platform  (UNIX,  NT,  Linux, 
VXWorks)  development  environ¬ 
ment.  Installation.  Maintenance, 
support,  Administration,  Trouble¬ 
shooting,  Recovery.  Worked  on 
Cobol,  CICS,  JCL,  DB2  on  MVS. 
Req'd  Bach's  in  CS,  Eng  (any), 
Math,  or  MIS,  5  yrs  exp  in  job  or 
Prog  Analyst.  25%  travel  is  req. 
40  hr/wk,  mon-fri,  9am  to  6  pm 
$102.690/yr.  Send  2  copies  of 
resumes  to  Job  Order  #  2004- 
151,  P.O.Box  989,  Concord,  NH 
03302-0989 


Sr.  Quality  Eng.  wanted  by 
company  engaged  in 
graphics  and  multimedia 
technology  design,  manu¬ 
facturing  and  marketing. 
Requires  Bach,  in  CS  or  EE 
plus  5  yrs  exp.  including 
audio/video  software.  Reply 
to  ATI  Research,  Inc.  H  R. 
Dept.,  Attn:  K.B.,  62  Forest 
Street,  Marlborough,  MA 
01752. 


Software  Engineer  needed 
w/Masters  degree  or  Foreign 
Equiv.  &  1  yr  exp  in  job 
offered  or  1  yr  exp  as 
Programmer  Analyst  or  Tech¬ 
nical  Lead.  1  yr.  exp  in  using 
Weblogic  Portal  for  backend 
integration  w/Oracle,  JMS, 
XML,  JSP,  Servlets,  Java¬ 
Script,  Dream  Weaver,  Java  & 
J2EE  on  Unix  OS.  Develop 
EJBs  in  Weblogic  Cluster 
environment.  Send  resumes 
to:  Algomod  Technologies 
Corp.,  101  Southhall  Lane, 
Suite  400  PMB  #401, 
Maitland,  FL  32751. 


Computer 

eTechnosoft  Corporation  has 
multiple  openings  for  Progra¬ 
mmer/Analyst,  Software 
Engineer,  Project  Lead  / 

Managers.  Send  resume  to. 
8700  W.  Bryn  Mawr  Avenue. 
Suite  800  South,  Chicago,  IL 
60631  or  email  to: 
resume@etechnosoft.com 


ADVENT  GLOBAL 
SOLUTIONS,  INC. 

SOFTWARE  ENGINEERS:  to 
research,  design,  develop  com¬ 
puter  software  systems  and  lead 
new  product  development  pro¬ 
jects  to  timely  completion.  Ability 
to  evaluate  and  design  SAP  soft¬ 
ware  is  required.  Needs  a  Mas¬ 
ters  in  CS/MIS  or  any  related 
degree  combined  with  1  +  years 
experience  or  Bachelors  with  5 
years  experience  in  designing 
and  developing  computer  soft¬ 
ware  systems. 

SYSTEMS  ANALYSTS:  to  ana¬ 
lyze,  design  and  develop  opera¬ 
tional  procedures  to  automate 
processing  and  to  develop  new 
systems  to  improve  production. 
Knowledge  of  SAP,  Oracle,  and 
other  business  related  software 
is  essential.  Needs  a  Bachelors 
in  Engineering/CS  or  in  any 
related  field  combined  with  5 
years  relevant  experience  in 
designing  and  developing  com¬ 
puter  software  systems. 

COMPUTER  PROGRAMMERS: 
to  design,  develop,  identify  and 
implement  solutions  within  SAP 
systems.  Design,  develop,  write, 
test  programs  and  perform  SAP 
implementations.  Knowledge  of 
SAP,  Oracle,  and  other  business 
related  software  is  essential. 
Needs  Bachelors  in  Engineering 
ICS  or  in  any  related  field  with  3 
years  relevant  experience  in 
designing  and  developing  SAP 
systems. 

Please  send  resumes  to  Advent 
Global  Solutions,  Inc.,  Human 
Resources,  3419  N.  Kennicott 
Avenue,  Suite  C,  Arlington 
Heights,  IL  60004. 


Software  Quality 
Assurance  Engineer 

PCTEL  Inc.  a  global  leader  in 
simplifying  mobility  seeks  an 
experienced  Software  Quality 
Assurance  Engineer  to  evaluate 
and  test  computer  software  sys¬ 
tems  according  to  specifications 
and  standards.  Will  develop  and 
write  test  scripts,  initiate  the  test 
and  analyze  end  results.  Will 
perform  testing  of  wireless 
mobility  solutions  products,  write 
and  execute  test  plans,  test 
cases  and  scripts.  Develops 
new  test  strategies,  improve 
processes  for  incident  handling, 
test  development,  automated 
testing,  and  release  control. 
Develop  and  maintain  detailed 
test  plans  of  each  product  line  in 
test.  Reviews  functional  specifi¬ 
cations  and  design  documents 
for  accuracy,  testability,  and  to 
test  customer  usage  scenarios. 
Requires,  min.  of  two  years  pro¬ 
duct  exper.  with  Windows  98/ME 
/2000/XP;  MS  Office;  MS  SQL 
Server;  Pocket  PC;  Extensive 
knowledge  of  802.11  A/B/G; 
Working  knowledge  of  GPRS, 
UMTS  and  CDMA,  a  B.S.  de¬ 
gree  in  Computer  Science  or 
equivalent  and  a  min. of  two 
years  exper.  in  the  job  offered. 
Requires  travel  to  Eastern 
Europe  approx.  20%  of  the  year. 
Candidate  must  be  legally  eligi¬ 
ble  to  work  in  the  U.S.  for  any 
employer. 

Send  resume  directly  to: 
iobs@Dctel.com.  Please  include 
Job  code  500  QA  Engineer  in 
the  subject  line.  Or  mail  directly 
to:  HR  Dept.,  PCTEL,  Inc.  8725 
W.  Higgins  Rd.  Suite  400, 
Chicago,  II  60631 .  PCTEL  Inc.  is 
an  equal  opportunity  employer. 


Computer  Programmer  III,  expe¬ 
rience  to  include  analysis  of  pro¬ 
gramming  procedures  using 
Microsoft  Access  and  SQL  in  a 
financial  area  including  knowl¬ 
edge  of  accounting  cycle,  deb¬ 
its/credits  and  adjustment  of 
entries  to  work  in  our  Cleveland, 
Ohio  office.  Send  resumes  to 
Lapine  Truck  Sales  and 
Equipment  Co.,  3131  E. 
Royalton  Rd.,  Cleveland,  OH 
44147,  Attn:  HR.  Must  reference 
job  code  1221. 


IT  PROFESSIONALS 
Senior  Consultant 

(Glen  Mills,  Pennsylvania  and  other  locations  throughout  the  U.S  )  Assist 
in  the  analysis,  development  and  implementation  of  systems,  or  business 
processes  for  state  governments/agencies.  Utilize  technical  expertise  and 
knowledge  of  public  sector  welfare  regulations  and  policies  including 
Temporary  Assistance  to  Needy  Families  (TANF),  Food  Stamp  (FS),  and 
Health  Insurance  Portability  and  Accountability  Act  (HIPAA)  to  create  sys¬ 
tems  compliant  with  federal  regulations.  Responsible  for  defining  systems 
strategy,  developing  system  requirements,  designing,  prototyping,  testing, 
training,  defining  support  procedures  and  implementation.  Perform  needs 
assessment  and  fit/gap  analysis  between  client  requirements  and  func¬ 
tionality.  Create  detailed  design  specifications  for  system  and  technical 
requirements  (eg.,  business  processes,  infrastructure,  interfaces, 
reports,  enhancements,  and /  or  conversion),  prepare  technical  documen¬ 
tation.  and  develop  and  test  applications.  Create  database  models  and 
data  dictionaries.  Develop  work  plans  and  work  with  project  team  mem¬ 
bers  to  complete  assigned  project  tasks  within  time  constraints.  Design, 
develop,  test  and  implement  interfaces  between  the  client's  systems. 
Utilize  Unisys  Mainframe  Legacy  System  (2200)  and  MAPPER.  Perform 
accurate  analysis  and  effective  diagnosis  of  client  issues  and  manage 
day-to-day  client  relationships  at  peer  client  levels. 

The  wage  offered  is  $79,000  per  year.  Work  schedule:  Mon-Fri,  9:00  am 
to  5:00  pm.  The  position  requires  a  Bachelors  degree  or  equivalent  in 
Engineering  (any  type),  Computer  Science.  Math,  Information  Systems 
and  Business  Administration  +  6  years  of  experience  in  the  job  offered  or 
6  years  of  experience  as  a  Consultant,  Senior  Consultant,  Senior 
Software  Engineer  or  Software  Developer.  Employer  will  regard  a  foreign 
degree  to  be  equivalent  to  a  U.S.  Bachelors  degree  as  determined  by 
accredited  U.S.  evaluation  service.  Related  experience  must  include  pub¬ 
lic  sector  welfare  program  regulations  and  governing  statutes  including 
TANF  and  Food  Stamps,  Unisys  MAPPER  based  management  informa¬ 
tion  systems,  case  management,  eligibility  determination,  payment  distri¬ 
bution  and  inter-agency  interfaces. 

Please  send  your  resume,  referencing  Job  Order  Number  WEB443781  to 
the:  PA  Careerlink,  FLC  Unit,  235  W.  Chelten  Avenue.  Philadelphia,  PA 
19144.  EOE. 


Lead  Network  Software  Engineer  -  Lead  dvlpmt,  maintenance  &  deploy¬ 
ment  of  Red  Hat  N/work  s/ware  applies  products;  perform  product  engg 
functions  for  ERP  products,  using  distributed  computing  infrastructure; 
lead  s/ware  &  d/base  deployment  &  operating  systms  upgrades  on  large 
n/works  of  Red  Hat  Linux  servers;  dvlp  systm  mgmt  &  systms  admin  fea¬ 
tures  to  function  as  part  of  Red  Hat  N/work's  managed  services  compo¬ 
nent;  lead  dvlpmt  of  new  s/ware  applies  &  enhancements  of  existing 
applies  by  integrating  SOAP  &  XML-RPC  communication  protocols  for 
linking  into  an  object  model  &  a  collaboration  infrastructure;  lead  dvlpmt 
of  applies  &  modules  to  handle  distributed  applies  using  XML-based  data 
exchange  protocols  (i.e.,  SOAP,  XML-RPC),  &  of  object  model  infrastruc¬ 
ture  based  on  SOAP  &  XML-RPC;  enable  new  &  existing  applies  as  part 
of  Web  Services  infrastructure  for  Red  Hat  Linux  clients  using  SOAP  & 
XML-RPC;  function  as  project  Lead  &  dsgn  &  dvlp  modules  for  Web 
Services  infrastructure,  using:  SQL  d/base  backends  (i.e  ,  Oracle, 
Sybase,  Postgres  SQL),  Red  Hat  Package  Manager  (RPM),  d/base- 
backed  XML  representations  &  protocols  for  exchange  of  info  in  decen¬ 
tralized  distributed  envrmt  like  SOAP  &  XML-RPC;  lead  dvlpmt  of  applies 
&  modules  to  run  Red  Hat  N/work  client  tool  (up2date)  &  systms  registra¬ 
tion  support  tools,  &  of  availability  &  performance  monitoring  agents  for 
Red  Hat  Linux  systms;  function  as  tech  lead  &  advise  subordinates  & 
peers  in  identifying,  localizing,  &  correcting  applies  problems  &  defects. 
Req:  Master's  (or  equiv)  in  Comp  Sci;  3  yrs  in  job  offd  (only  where  exact 
duties  listed  above  were  performed)  or  3  yrs  as  S/ware  Dvlpr  or  S/ware 
Engr;  &  1)  Min  5  yrs.  theoretical  &  applied  exp  w/Red  Hat  Linux;  2)  Min. 
3  yrs.  theoretical  &  practical  exp  in  following:  a)  dsgng  &  dvlpg  s/ware 
applies  in  C  &  Perl;  b)  n/work  applies  dvlpmt;  c)  UNIX;  3)  Min.  2  yrs.  the¬ 
oretical  &  practical  exp  in  ajdistributed  applies  dvlpmt,  &  w/distributed 
computing  protocols  (SOAP  &  XML-RPC)  implemented  in  C,  Python  & 
Perl;  b)dsgng  &  dvlpg  applies  utilizing  Oracle  &  Postgres  SQL,  among 
other  SQL  d/bases;  c)  dsgng  &  dvlpg  s/ware  applies  in  Python.  Hrs:  40+; 
Salary:  $  80K/yr.  Interested  applicants  apply  at  nearest  Employment 
Security  Commission  office  or  send  resume  to  Employment  Security 
Commission,  3351  Carl  Sandburg  Ct,  Raleigh,  NC  27610.  All  resumes  & 
applications  must  incl  SS#  &  refer  to  JO#  NC7251048  &  DOT  code 
030.062-010. 


Software  Engineer  (Merrimack): 
Research,  design  &  dev  com¬ 
puter  software  syst  in  conjunc¬ 
tion  with  hardware  product 
development.  Consult  with  hard¬ 
ware  eng  &  other  eng  staff  to 
evaluate  interface  between 
hardware  &  software,  &  opera¬ 
tional  &  performance  require¬ 
ments  of  overall  system.  Provide 
technical  guidance  on  client  pro¬ 
jects.  Will  use  Win  NT/2000/XP, 
C,  C++,  Java,  Cobol,  Unix,  EJB, 
Linux,  Sun  Solaris, Shell  Scripts, 
Perl,  Visual  Source  Safe, 
WebLogic,  Rational  Rose, 
Clearquest.  JMS,  JDBC,  JSP, 
HTML,  VB,  PB,  Jbuilder,  Visual- 
studio.  Clearcase,  VxWorks  etc. 
Req'd  Masters  in  CS,  Eng,  Math, 
or  MIS,  2  yrs  exp  in  job  or  Prog 
Analyst  or  Syst  Analyst  or 
Bach's  with  5  yrs  as  Prog 
Analyst  or  syst  analyst.  25% 
travel  req.  40  hr/wk,  mon-fri, 
9am  to  6  pm  $102.690/yr.  Send 
2  copies  of  resumes  to  Job 
Order  #  2004-104.  PO  Box  989, 
Concord,  NH  03302-0989 


Software  Engineer  (Merrimack): 
Research,  design  &  dev  com¬ 
puter  software  syst  in  conjunc¬ 
tion  with  hardware  product 
development.  Consult  with  hard¬ 
ware  eng  &  other  eng  staff  to 
evaluate  interface  between 
hardware  &  software,  &  opera¬ 
tional  &  performance  require¬ 
ments  of  overall  system.  Provide 
technical  guidance  on  client  pro¬ 
jects  Will  use  Win  NT/2000/ 
98/95,  Oracle,  UNIX,  XML, 
UML,  WebLogic,  WebSphere, 
Java.  EJB,  JDBC,  JNDi,  J2EE. 
JSP,  HTML,  HTTP,  TCP/IP, 
WAP.  HDML,  UPSDK,  RMI. 
Rational  Clear  Quest,  Sun 
Solaris,  Jbuilder,  Visual  Cate, 
Rational  Rose  VB,  SQL, 
PL/SQL  etc.  Req  d  Bach’s  in  CS, 
Eng,  Math  or  MIS,  5  yrs  exp  in 
job  or  Prog  Analyst  or  Syst 
Analyst  or  Masters  with  2yrs  as 
Prog  Analyst  or  syst  analyst  40 
hr/wk,  rnon-fri.  9am  to  6  pm 
$102.690/yr.  Send  2  copies  of 
resumes  to  Job  Order  #  2004- 
588,  PO.Box  989,  Concord,  NH 
03302-0959 
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Forums  produces  educational  events 
.  .  _  _  and  executive  forums  worldwide, 

Events  end  Executive  Forums  jnc^iuding  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobite®,  and  VORTEX,  as  well  as  the  DEMOletter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.nwfusion.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
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FDA  medical  device  security  policy 

The  Food  and  Drug  Administration  promises 
to  take  these  actions  designed  to  ensure  the 
security  of  medical  devices. 

•  Issue  guidance  reminding  manufacturers  that  the  FDA  will 
take  regulatory  action  if  they  don't  patch  devices  and  lock 
down  unnecessary  medical  programs. 

•  Set  minimum  standards  for  the  networking  of  medical  devices. 

•  Establish  forensic  capabilities  that  would  let  the  FDA 
investigate  breaches  and  compromises  of  medical  equipment, 
and  coordinate  with  law  enforcement. 


FDA 

continued  from  page  1 

(FDA)  to  put  pressure  on  manu¬ 
facturers,  which  by  law  must 
authorize  the  patch  after  testing 
it  to  see  if  it  might  have  a  nega¬ 
tive  impact  on  the  medical 
application. 

In  turn,  manufacturers  have  put 
the  blame  on  hospitals,  saying 
they  have  to  do  a  better  job  with 
security  such  as  including  inter¬ 
nal  firewalls  and  intrusion-pre¬ 
vention  systems. 

Last  week,  FDA  Deputy  Director 
Brian  Fitzgerald  outlined  three 
initiatives  to  improve  a  deteriorat¬ 
ing  security  situation. 

Speaking  at  the  annual  IT  Con¬ 
ference  organized  by  the  Depart¬ 
ment  of  Veterans  Affairs  (VA),  he 
said  the  agency  won’t  tolerate 
medical-device  manufacturers 
failing  to  keep  equipment  up  to 
date  with  security  patches. 

As  a  penalty,  Fitzgerald  said,  the 
FDA  will  withhold  regulatory 
approval  on  equipment  submit- 


■  BY  CARA  GARRETSON 

Vanquish  plans  to  halt  un¬ 
wanted  e-mail  messages  by  mak¬ 
ing  spammers  pay  but  critics  of 
this  system  say  it  requires  wide¬ 
spread  adoption  to  be  effective. 

The  company  sells  e-mail  soft¬ 
ware  backed  by  a  service  that 
implements  its  bonded  e-mail 
program.  When  Vanquish  senders 
—  confident  that  recipients  of 
their  e-mails  won’t  view  them  as 
spam  —  post  a  bond  with  the 
company,  their  messages  carry  a 
button  that  lets  recipients  report 


Southborough,  MA  01772-9108,  (508)  460-3333. 

Periodicals  postage  paid  at  Southborough, 
Mass.,  and  additional  mailing  offices.  Posted 
under  Canadian  International  Publication  agree¬ 
ment  #40063800.  Network  World  (ISSN  0887-7661) 
is  published  weekly,  except  for  a  single  combined 
issue  for  the  last  week  in  December  and  the  first 
week  in  January  by  Network  World,  Inc..  118 
Turnpike  Road.  Southborough,  MA  01772-9108. 

Network  World  Is  distributed  free  of  charge  in 
the  U.S.  to  qualified  management  or  professionals. 

To  apply  for  a  free  subscription,  go  to  www.sub- 
scribenw.com  or  write  Network  World  at  the 
address  below.  No  subscriptions  accepted  with¬ 
out  complete  identification  of  subscriber's  name, 
job  function,  company  or  organization.  Based  on 
the  information  supplied,  the  publisher  reserves 
the  right  to  reject  non  qualified  requests. 
Subscriptions:  1-506  490-6444 

Nonqualified  subscribers:  $5.00  a  copy;  US. 
$129  a  year;  Canada  $160.50  (including  7%  GST. 
GST#126669952):  Central  4  South  America  - 
$150  a  year  (surface  mail);  Europe  $205  a  year 
(surface  mail),  all  other  countries  -  $300  a  year 
(airmail  service).  Four  weeks  notice  is  required 
for  change  of  address.  Allow  six  weeks  for  new 
subscription  service  to  begin.  Please  include 
mailing  label  from  front  cover  of  the  publication. 


ted  by  manufacturers  deemed  to 
have  a  bad  track  record  on 
patching.“They  won’t  be  able  to 
have  certification  for  new 
devices,”  he  said. 

This  get-tough  approach,  which 
will  go  out  in  a  guidance  letter, 
represents  a  sharpening  in  en¬ 
forcement  of  FDA  regulations 
Section  510(k)  and  518.  Those 
rules  give  the  FDA  power  to  set 
baselines  for  safety  and  security 

The  FDA  also  has  planned  two 
new  efforts  to  improve  security  of 
medical  equipment.  Guidelines 
to  be  issued  in  the  next  six 
months  will  detail  how  the  FDA 
expects  device  manufacturers  to 
be  building  and  testing  “network- 
able,  networthy  medical  devices,” 
Fitzgerald  said. 

Largely  inspired  by  the  Air  Force 
medical-device  evaluation  pro¬ 
gram  launched  last  fall  that’s  in¬ 
tended  to  keep  unpatched  med¬ 
ical  equipment  off  Air  Force  net¬ 
works,  the  FDA  technical  guide 
will  be  aimed  at  helping  manu¬ 
facturers  achieve  “technical  ex- 


the  email  to  Vanquish  as  spam, 
and  extract  a  small  fee  for  doing 
so.  In  September,  the  company 
will  let  ISPs  and  corporations  det¬ 
ect  incoming  email  carrying  Van- 
quish’s  seal  that  certifies  the 
sender  has  posted  a  bond  by  pur¬ 
chasing  the  company’s  new  serv¬ 
er  appliance  or  hosted  service. 

The  idea  behind  the  system  is 
emailers  should  be  so  sure  that 
recipients  want  to  read  their  mes¬ 
sages  that  they’ll  put  money  on  it, 
therefore  weeding  out  spammers 
and  giving  legitimate  commercial 
e-mailers  a  way  to  ensure  their 
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cellence,”  Fitzgerald  said. 

The  Air  Force  requires  device 
manufacturers  to  test  Windows, 
Unix,  Oracle  and  other  applica¬ 
tions,  and  adhere  to  a  regimen  of 
responding  to  patching  require¬ 
ments  based  on  security  bulletins. 

The  third  FDA  regulatory  effort 
will  involve  the  FDA  setting  up 
forensics  capability  to  examine 
devices  infected  by  computer 
worms  or  other  malware  and 
track  down  the  culprits.  In  addi¬ 
tion,  the  FDA  will  create  an  inves- 


message  gets  through,  says 
Vanquish  CEO  Philip  Raymond. 
“The  sender  ought  to  know 
whether  you  want  it  or  not;  the 
key  is  forcing  the  sender  to  be  the 
filter’’  he  says. 

Active  Internet,  an  ISP  with 
5,000  customers,  is  testing  the 
Vanquish  system  and  intends  on 
replacing  its  anti-spam  filters 
with  the  system.  “We  like  to  get 
unsolicited  e-rnail,but  we  want  it 
targeted  to  what  we’re  interested 
in,”  says  Active  Internet’s  CEO 
Kenneth  Slaughter.  “Vanquish 
addresses  that;  it  allows  people  to 
send  you  unsolicited  e-mail,  but 
they  better  know  you’re  interested 
or  they’ll  be  penalized.” 

To  prevent  abuses  of  its  system, 
Vanquish  has  developed  a  set  of 
conditions  that  dictate  when  a 
recipient  can  report  a  message  as 
spam.  For  example,  if  the  recipi¬ 
ent  visited  the  sender’s  Web  site 
and  signed  up  to  receive  e-mail  or 
has  corresponded  with  the 
sender  before,  that  sender  can’t 
be  penalized.  Recipients  also 
only  have  72  hours  from  when  an 
e-mail  was  received  to  report  it  as 
spam  by  pressing  a  button  em¬ 
bedded  in  the  email  and  usually 
pays  the  recipient  5  cents. 

Yet  competitors  say  such  a  sys¬ 
tem  won’t  be  effective  unless 
widely  used. 

“Getting  all  the  legitimate  bulk 
senders  of  email  in  the  world  to 


tigative  arm. 

This  idea  evoked  skepticism. 

“Why  would  the  FDA  want  to 
create  their  own  G-men  when 
there  are  already  a  bunch  of  ex¬ 
perts  at  the  FBI  at  work?”  asked 
Steve  Wexler,  biomedical  engineer 
at  the  VA  who  helped  the  VAs  net¬ 
work  staff  design  security  for  med¬ 
ical  equipment  atVA  hospitals.’lf 
someone  wants  to  poison  a  med¬ 
ical  device,  that’s  a  criminal  act 
the  FBI  should  be  involved  in.” 

Wexler  is  gung-ho  on  the  FDAs 


adopt  it  is  an  enormous  assump¬ 
tion.  .  .  .  It's  just  unrealistic,”  says 
Andrew  Lochart,  director  of  prod¬ 
uct  marketing  with  anti-spam  ser¬ 
vice  provider  Fbstini.a  competitor 
to  Vanquish.  “It’s  a  tax  on  legiti¬ 
mate  senders,  and  the  whole  idea 
is  to  be  taxing  the  spammers.” 

Acknowledging  that  this  bond¬ 
ed  system  won’t  reach  its  poten¬ 
tial  until  it  has  attracted  many 
users,  Vanquish  has  included 
other  anti-spam  techniques  with 
its  product,  such  as  a  challenge- 
response  feature  and  whitelists  of 
authorized  senders. 

Although  other  companies 
such  as  IronFbrt  have  a  bonded 
component  to  their  blacklists, 
meaning  e-mailers  can  put  up  a 
bond  to  be  taken  off  IronFbrt’s  list 
of  known  spammers,  Vanquish 
says  it’s  unaware  of  another  com¬ 
pany  offering  a  bond  system  for 
both  senders  and  receivers. 

The  Vanquish  server  appliance 
or  hosted  service  will  cost  organi¬ 
zations  between  19  cents  and  27 
cents  per  user,  per  month, accord¬ 
ing  to  the  company 

The  company  says  bonds  range 
in  price,  depending  on  whether 
the  recipient  has  asked  to  receive 
e-mails  from  the  sender  and  other 
factors.  In  the  case  where  the 
sender  is  very  confident  the 
recipient  is  interested,  a  $5  bond 
would  cover“tens  of  thousands  of 
e-mails,”  Raymond  says.  ■ 


other  ideas. 

“The  more  information  we  can 
share  on  the  existing  regulations 
and  how  to  apply  them  is  great 
for  everybody  he  said. 

Conference  speakers  talked  of 
the  growing  security  threat. 

“As  medical  devices  are  net¬ 
worked,  threat  sources  are  ex¬ 
panded,  endangering  all  systems 
attached  to  the  network,  including 
healthcare  partners,  hospital  infor¬ 
mation  infrastructures,  patient 
data  and  applications,”  Kenneth 
Kizer,CEO  of  the  National  Quality 
Forum,  said. 

Kizer  described  a  list  of  prob¬ 
lems,  ranging  from  anti-virus  soft¬ 
ware  installed  by  an  end  user  on 
a  GE  Medical  Systems  devices 
that  crashed  it,  taking  days  to  re¬ 
store,  to  the  Blaster  worm  infect¬ 
ing  Kodak  Imaging  Systems  radi¬ 
ography  servers. 

In  addition,  Kizer  said  there  is 
the  problem  of  the  insider  threat, 
such  as  the  case  of  Christopher 
Scott  Sandusky  who  two  years  ago 
admitted  to  unlawfully  accessing 
the  network  of  a  Las  Vegas  firm, 
Steinberg  Diagnostic  Medical 
Imaging,  and  locking  the  employ¬ 
ees  out  of  their  own  system. The 
computer  consulting  company 
that  helped  set  up  the  Steinberg 
medical  imaging  system  had  fired 
Sandusky 

National  Quality  Forum  plans  to 
hold  meetings  with  industry  rep¬ 
resentatives  to  address  the  range 
of  problems,  he  said. 

Ultimately,  hospitals  and  manu¬ 
facturers  have  to  take  steps  to  do 
what  they  can  to  minimize  secu¬ 
rity  risks,  several  VA  officials  said. 

The  VA  has  established  what  it 
calls  the  Health  Information 
Security  Division  (HISD)  in  Mar- 
tinsburg,  WVa.,  to  test  medical 
equipment  based  on  commercial 
off-the-shelf  products.  HISD  is 
working  with  the  Department  of 
Defense  to  publish  a  set  of  guide¬ 
lines  early  next  year  for  assessing 
medical  equipment. 

Hal  Haislip.WAN  manager  for 
the  VAs  Integrated  Service  net¬ 
work  in  Little  Rock,  Ark.,  said  the 
VA  tries  to  make  sure  unneces¬ 
sary  software  features  in  both 
Windows-  and  Unix-based  med¬ 
ical  equipment  is  either  turned 
offer  removed. 

“If  you  look  at  Unix  devices, 
there  is  a  default  mode  that  en¬ 
ables  telnet,  ftp  and  sendmail.  We 
are  trying  to  get  these  unused  ser¬ 
vices  locked  down  and  turned 
off,  so  when  th.:  device  comes  to 
you  it  will  have  fevi'er  vulnerabili¬ 
ties,”  he  said 

“A  CT  scanner  doesn’t  need  a 
mail  client,”  Wexler  noted.  “That’s 
what’s  getting  patched.’  K 


Vanquish  lights  the  economics  of  spam 
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So  after  expending  2  million 
years  of  accumulated  CPU  time 
and  analyzing  50T  bytes  of  data 
—  are  we  alone? 

“We  still  don’t  know  the  answer 
to  the  big  question,” says  Dan 
Wertheimer,  chief  scientist  for  the 
SETI@Home  project  and  the 
director  of  the  Search  for  Extra 
Terrestrial  Intelligence  (SET1) 
program  at  UC  Berkeley“We 
haven’t  bugged  any  aliens  yet.” 

But  this  wasn’t  a  bummer  to  the 
world’s  top  ET  scientists,  who 
congregated  at  Harvard  Univer¬ 
sity  for  last  week’s  SET1  Sympo¬ 
sium.  Dozens  of  astronomy  Ph.D.s 
spent  two  days  discussing  strate¬ 
gies  for  detecting  intelligent  life 
in  the  universe. 

“I’m  optimistic  that  earthlings 
will  find  ETs  in  the  long  run,” 
Wertheimer  says, “But  don’t  hold 
your  breath.” 

With  the  one-in-a-billion  odds 
of  a  SETI@Home  PC  finding  an 


alien  radio  signal,  many  volun¬ 
teers  have  turned  the  project 
into  a  kind  of  PC  hot-rodding 
contest,  where  users  soup  up 
their  machines  in  a  race  to  pro¬ 
duce  the  most  work  units  —  the 
chunks  of  radio  waves  distrib¬ 
uted  by  SETI@Home  to  clients. 
The  SETl@Home  software  also 
has  become  a  tool  for  testing 
and  benchmarking  computer 
performance  among  IT  profes¬ 
sionals  and  some  server  vendors. 

SETI@Home  starts  with  Cornell 
University’s  Arecibo  Observatory 
radio  telescope  in  Puerto  Rico 
— -  a  dish  three  times  the  size  of 
the  new  Olympic  Stadium  in 
Athens,  Greece  —  which  collects 
radio  noise  from  distant  stars. 
The  data  is  recorded  on  tapes 
that  are  sent  to  Berkeley  where 
servers  break  them  into  chunks 
and  make  them  available  over 
the  Internet.The  5  million  PCs 
worldwide  that  have  the 
SETI@Home  screen-saver  pro¬ 
gram  installed  can  download 
chunks  of  signals  and  look  for 


Companies  play 
nice  in  front  of  W3C 

■  BY  JOHN  FONTANA 

IBM,  Microsoft, BEA  Systems  and  newfound  partners  Sun  and  SAP  last 
week  submitted  to  a  major  standards  body  a  protocol  that  will  help 
accelerate  the  development  of  other  standards  for  building  secure  and 
reliable  Web  services  applications. 

The  submission  of  WS-Addressing  to  the  World  Wide  Web  Consortium 
(W3C)  marks  a  cooling  of  standards  battles  between  Sun  and  the 
IBM/Microsoft  duo.  Sun,  Oracle,  Iona  Technologies  and  Nokia  were 
developing  a  similar  specification  called  WS-MessageDelivery  and  the 
two  efforts  now  will  merge. 

WS-Addressing  is  a  foundation  for  a  number  of  specifications  that 
corporations  are  demanding  for  Web  services,  including  those  for  secu¬ 
rity,  reliable  messaging,  transport  and  process  workflow. 

“At  each  of  those  layers  you  need  an  addressing  specification,”  says 
Karla  Norsworthy  director  of  dynamic  ebusiness  technologies  at  IBM. 
“So  we  are  developing  a  single  specification  that  works  across  them  all.” 

WS-Addressing  ensures  that  as  messages  wind  their  way  across  fire 
walls,  gateways,  multiple  Web  services  and  transport  technologies,  that 
the  sender  and  receiver  are  always  known.  WS-Addressing  also  can 
specify  how,  when  or  if  a  system  must  acknowledge  that  a  message 
successfully  has  made  another  hop  across  its  intended  path. 

Norsworthy  says  IBM  and  Microsoft  are  glad  to  have  Sun  join  in 
because  the  broad  support  helps  fuel  momentum. 

It  also  might  help  align  other  specification  development  efforts.  Sun 
is  leading  development  on  a  separate  process  workflow  specification 
from  the  one  that  Microsoft  and  IBM  proposed.There  are  also  two  com¬ 
peting  specifications  for  reliable  messaging. 

Norsworthy  says  the  WS-Addressing  specification  was  submitted  to 
the  W3C  because  that  group  is  focusing  on  infrastructure  specifica¬ 
tions,  such  as  Simple  Object 
Access  Protocol.  IBM  and  Micro¬ 
soft  have  submitted  network  spec¬ 
ifications  such  as  WS-Security  to 
the  Organization  for  the  Advance¬ 
ment  of  Structured  Information 
DocFinder  5434  www.nwfusion.com  Standards.  M 
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For  SETI@Home  users,  when  their  PCs  sleep,  this  screen  saver  searches 
for  extraterrestrial  radio  waves. 


patterns  in  the  noise.The 
processed  work  units  are  then 
sent  back  to  Berkeley’s  SETI 
computer  lab  —  a  storage  closet 
in  the  astronomy  department 
where  the  servers  are  kept. 

SETI@Home’s  Web  site  keeps  a 
leader  board  for  the  top  work- 
unit  workhorses.  Statistics  show 
individual  performances  and 
SETI@Home  groups,  which 
include  corporations  such  as 
Boeing,  Sun,  HP  and  Cisco,  and 
organizations  such  as  Ohio 
University,  the  University  of  Leeds 
in  England  and  theTempe,Ariz., 
Union  High  School  District. 

“It’s  hard  to  say  whether  the 
main  motivation  for  people  run¬ 
ning  the  program  has  more  to  do 
with  scientific  goals  or  with  the 
competition  for  work  units,” says 
David  Anderson,  director  of  the 
SETI@Home  project,  who  wrote 
the  screen-saver  software.“The 
competitive  aspect,  having  the 
fastest  computer  on  the  block,  is 
probably  the  main  driving  force.” 

Anderson  says  the  most  enthu¬ 
siastic  users  tweak  their  comput¬ 
ers’  CPUs  to  squeeze  out  every 
megahertz  of  performance  for 
processing  work  units. 

The  technique  known  as  “over¬ 
clocking”  is  used  by  many  of  the 
leaders  on  the  SETI@Home 
scoreboard  —  most  notably 
Overclockers  UK,  a  group  of 
British  PC  enthusiasts  that  runs  a 
Web  site  for  building  super-fast 
PCs.  Enormous  computer  cool¬ 
ing  fans,  special  gels  that  dissi¬ 
pate  heat  on  a  CPU’s  surface  and 
water  cooling  systems  are 
among  the  items  for  sale  on 
http://overclockers.co.uk. 

According  to  the  groups  Web 
site,  Overclockers  UK’s  SETI@ 
Home  goal  is  “to  wave  the  U.K. 
flag  for  all  the  world  to  see  by 
reaching  the  top  position  and 
proving  to  the  rest  of  the  world 
that  U.K.  overclockers  are  indeed 
a  force  to  be  reckoned  with.” 

SETI@Home’s  Anderson  cau¬ 
tions  that  overclocking  a  PC  can 


produce  erroneous  results  on 
work  units.That’s  why  all  work 
units  are  sent  out  twice,  and  the 
results  compared,  to  ensure  there 
are  no  errors.  If  the  results  of  a 
work-unit  pair  are  out  of  sync, 
both  work  units  are  cancelled 
and  sent  out  again. 

SETI@Home,  at  work 

Some  IT  folks  who  run 
SETI@Home  use  it  at  work  be¬ 
cause  it  makes  a  great  tool  for 
testing  the  performance  of  new 
machines. 

SETI@Home  “is  a  very  good 
[benchmark]  of  real  server  work¬ 
loads,”  says  Leon  Parkhouse, 
director  of  technology  at  Drake 
Institute  for  Behavioral  Medicine 
in  Los  Angeles.“If  I’m  putting 
together  new  systems  and  I  want 
to  know  how  quick  they’re  going 
to  run,  I’ll  use  SETI@Home.” 

Parkhouse,  who  has  an  interest 
in  astronomy  and  science,  start¬ 
ed  using  SETl@Home  three 
years  ago  on  old  machines  he 
brought  home  from  work  — 
some  Digital  Alpha  servers  and 
a  few  late-model  Pentium 
machines.  He  runs  four  comput¬ 
ers  in  his  basement  dedicated 
to  SETI@Home. 

But  Parkhouse  doesn’t  use  his 
main  SETI@Home  username  on 
the  work  machines,  however. 
“That  would  really  affect  my 
score,”  because  the  machines  he 
runs  at  home  are  faster  than 
most  PCs  in  the  office.  He  re¬ 
cently  passed  5,000  work  units, 
commonly  seen  as  a  milestone 
separating  the  curious  user  from 
dedicated  enthusiast. 

Pushing  the  grid  envelope 

With  more  than  70  teraflops  of 
computer  power,  the  SETI@ 

Home  project  is  one  of  the  lar¬ 
gest  examples  of  grid  computing. 

Sun  donated  much  of  the  hard¬ 
ware  Anderson  and  his  col¬ 
leagues  used  to  set  up  the  grid 
system  for  distributing  work  units 
over  the  Internet. 


“If  someone  were  to  write  a  his¬ 
tory  of  grid  computing,  I  think 
SETI@Home  would  be  a  big 
chapter;”  says  Joerg  Schwartz, 
senior  program  manager  for 
external  research  at  Sun. 

“We  thought  the  idea  of  intro¬ 
ducing  peer-to-peer  computing 
—  harvesting  compute  cycles 
otherwise  not  utilized  for  the 
advancement  of  science  —  was 
a  good  idea,”  Schwartz  says.The 
idea  was  new,  and  it  inspired  us 
to  do  a  lot  of  things.”  Many  of 
the  architectural  concepts 
behind  Sun’s  JXTA  programming 
language  for  peer-to-peer  net¬ 
working  were  inspired  by  SETI@ 
Home,  he  adds. 

Sun  is  also  among  the  top  10 
corporate  work-unit  producers, 
thanks  to  a  large  group  of  devel¬ 
opers  at  Sun  who  use  SETI@ 
Home  as  an  every-day  screen 
saver.  Also,  a  few  Sun  computer 
labs,  where  benchmarking  is 
done  and  operating  systems  are 
“burned  in”  to  hardware,  use 
SETI@Home  to  give  machines  a 
CPU  workout. 

“You  have  to  run  something,” 
Schwartz  says, “so  you  might  as 
well  run  SETl@Home." 

The  search  for  ET,  and  beyond 

Some  might  think  one  of  the 
world’s  largest  supercomputers 
could  be  put  to  better  use. 
SETI@Home’s  Anderson  is  work¬ 
ing  on  that  too. 

“There  are  a  whole  bunch  of 
areas  where  unlimited  comput¬ 
ing  power  would  let  you  do  the 
kind  of  science  you  couldn’t  do 
before,”  Anderson  says.  New  soft¬ 
ware  developed  by  Anderson 
called  Berkeley  Open  Infrastruc¬ 
ture  for  Network  Computing 
(BOINC)  lets  users  choose  from 
several  projects  for  devoting 
unused  CPU  cycles.  Among 
some  of  the  projects  in  develop¬ 
ment  for  BOINC  are  a  program 
that  evaluates  the  behavior  of 
black  holes.  Closer  to  Earth, 
Climateprediction.net  will  use 
BOINC  to  crunch  data  on  world 
temperatures  to  more  accurately 
predict  the  weather. 

But  for  those  behind  SET1@ 
Home,  finding  ET  is  still  para- 
mount.“We’re  just  beginning  to 
comb  the  cosmic  haystack,” 
SETI@  Home's  chief  scientist 
Wertheimer  says. 

“Sun  does  not  have  an  official 
position”  on  the  existence  of 
aliens,  Sun’s  Schwartz  says.“But 
wouldn’t  it  be  terrible  if  we  were 
the  only  intelligent  life  forms  in 
all  of  the  universe?"* 
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HP  Blades,  now  in  a  bundle,  which  is  exactly  what  you' 


save. 


Save  over  30%  with  our  blade  bundle  featuring  two  HP  ProLiant  BL20p  Blade  Servers,  powered  by  Intel®  Xeon™  processors,  and  get  the  power  to 
make  network  management  simple  and  affordable.  You'll  save  on  deployment  time  too,  thanks  to  this  ready-to-go  package.  Sure,  modular  design 
leaves  room  to  expand  later,  but  HP  Blade  Servers  can  also  make  a  big  impact  on  your  total  cost  of  ownership  in  the  meantime.  Our  management 
software  boosts  productivity  and  cuts  reconfiguration  efforts  from  days  to  minutes.  And  because  your  time  is  money,  the  BL20p  features  fully 
redundant  technologies  to  reduce  costly  downtime.  While  our  #1  ranking  in  lntel®-based,  server-customer  satisfaction  is  one  reason  we  recently  became 
the  first  to  sell  over  1  00,000  blade  servers,  there's  more  than  one  reason.  You  also  get  the  advice  and  support  of  HP  and  our  local  partners— -well 
before  and  long  after  you  buy.  Even  when  you  buy  at  more  than  30%  off. 


Save  33% 


Get  the  HP  ProLiant  BL20p  bundle, 
and  you'll  save  big  compared  to 
the  cost  of  buying  the  two  servers 
and  accessories  separately. 


HP  PROLIANT  BL20p  BLADE 
SERVER  BUNDLE 

^  Lease  for  as  low  as 

/  /  $375  a  month' 

•  (2)  BL20p  Blade  Servers 
Each  Blade  Server  includes: 

-  (2)  Intel®  Xeon™  processors  3.06GHz-512k 

-  (3)  10/100/1000  NICs  +  (1)  10/100  iLO  NIC 

-  1GB  DDR  memory2 

•  p-Class  blade  enclosure 

•  p-Class  single  phase  power  enclosure 
with  2  power  supplies 

•  Mini  bus  bar  kit 

•  (8)  Rapid  Deployment  Pack  licenses 


Download  information  about  HP  Blade  servers. 

Read  a  white  paper  highlighting  total  cost  of  ownership  and  the  Factiva  and 
iSource  case  studies  demonstrating  ROI. 


CALL 

1-877-726-8112 

CLICK 

hp.com/go/blades9 

visit  your  local  HP  reseller 
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BackSpin 


Mark  Gibbs 


Leashing  the  dogs  of  law 


After  last  week’s  BackSpin  about 
lawyers  shutting  down  Napster 
and  321  Studios  there  was  a 
surge  in  feedback.  Or  rather,  a  surge 
in  lawyer  jokes.There  were  some 
very  good  jokes  along  with  a  surpris¬ 
ing  number  that  can’t  be  printed  in  a 
nice,  family  oriented  journal  such  as 
this.  My  (clean)  favorite  is: 

The  devil  visited  a  lawyer’s  office  and  made  him 
an  offer:“I’ll  increase  your  income  fivefold,  make 
your  partners  love  you, your  clients  respect  you, 
ensure  you  have  four  months  of  vacation  and  let 
you  live  to  be  100.  All  I  require  in  return  is  that  your 
wife’s  soul, your  children’s  souls  and  their  children’s 
souls  rot  in  hell  for  eternity’ The  lawyer  thought  for  a 
moment  and  then  asked, “What’s  the  catch?” 

I  also  received  this  one  from  reader  Rich  Gierman. 
Question:  How  many  lawyer  jokes  are  there  really? 
Answer:  Only  2,  the  rest  are  true  stories. 

Anyway  before  any  lawyers  start  sending  letters  to 
me,  let  me  quote  reader  Steve  Goldman:“Blaming 
the  lawyers  for  this  is  silly.  It  is  the  policies  of  the  cor¬ 
porate  entities  that  employ  the  lawyers  and  lobby  on 
behalf  of  laws  like  the  Digital  Millennium  Copyright 
Act  that  are  the  issue.  What  you’re  doing  is  akin  to 
blaming  your  car  for  running  the  red  light.  If  their 
ethics  are  questionable,  what  do  you  say  about  the 


ethics  of  folks  who  hire  them?” 

An  excellent  point.The  lawyers  don’t  unilaterally 
decide  to  create  an  intimidating  environment;  the 
corporate  executives  are  the  ones  who  “pull  the 
trigger.” 

Once  the  trigger  is  pulled  the  lawyers  are  in  the 
business  of  gaming  the  system  on  behalf  of  their 
masters  and,  as  can  be  seen  from  cases  like  321 
Studios  and  Napster,  they  show  no  more  compunc¬ 
tion  than  their  masters  about  doing  whatever  it 
takes  to  win. 

So  in  the  case  of  the  fall  of  321  Studios  it  was  the 
likes  of  Jack  Valenti,  the  outgoing  president  and  CEO 
of  the  Motion  Picture  Association  of  America  and 
the  Motion  Picture  Association  and  his  staff  who 
pulled  the  trigger. 

Taken  to  its  logical  conclusion,  the  problem  of 
responsibility  could  be  considered  to  lie  with  the 
shareholders. They  have  the  power  to  demand  that 
the  executives  who  hire  the  lawyers  exercise  com¬ 
mon  sense  and  manage  the  work  of  their  legal 
dogs  such  that  they  behave  in  a  more  public  and 
socially  spirited  way  But  alas,  the  shareholders 
don’t  care. 

Ultimately  the  problem  is  cultural.  We  have  few 
“deep”  public  business  ethics  beyond  those  en¬ 
shrined  in  law  and  those  that  constitute  traditional 
“values.” 


www.nwfusion.com 


In  America  we  prize  competition  but  we  have 
developed  a  raw  and  inhumane  version  of  the 
free-market  philosophy.  Our  version  is  one  that  lets 
the  richest  players  wreak  havoc  on  anyone  they 
please  for  whatever  reason  they  choose,  while  we 
all  look  the  other  way  and  pretend  we  have  a 
level  playing  field. 

We  seem  to  have  lost  sight  that  when  it  comes  to 
technology  there  is  a  real  danger  that  creativity  and 
risk-taking  —  the  behaviors  that  drive  the  market  — 
can  be  completely  squashed  when  those  with 
extreme  economic  and  political  power  can  get  their 
way  simply  because  they  can. 

Combine  this  kind  of  bullying  with  the  ridiculous 
mess  of  the  patent  office  allowing  patents  on 
processes  such  as  Amazon’s  “One  Click,”  and  what 
do  you  get?  A  real  danger  that  lawyers  driven  by 
rapacious  executives  like  Valenti  will  kill  off  small 
companies  such  as  321,  dampening  the  vibrancy 
that  we  associate  with  the  technology  sector  and,  as 
a  consequence,  affecting  our  overall  economy 

We’re  all  guiltyYou, yes, you,  personally  need  to 
stand  up  and  be  counted.You  need  to  exercise  your 
voice  and  tell  the  government,  the  companies  you 
invest  in  and  the  organizations  you  work  for  that 
ethics  and  fair  play  matter. 

Cries  of  “Count  me  in"  to  backspin@gibbs.com. 
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News,  insights,  opinions  and  odditis 


By  Paul  McNamara 


E-mail's  declining  value 

Here's  how  rotten  phishing  has  gotten 
for  those  brand-name  companies  that 

are  most  targeted:  Some  are  promising  their  customers  that  they  will  never,  ever 
ask  them  a  question  of  any  kind  in  an  e-mail,  meaning  there  would  never,  ever  be 
any  reason  for  the  customer  to  volunteer  any  personal  information  in  response. 
No  questions,  no  answers,  no  phishing  victims,  or  so  the  theory  goes  —  it  isn't 
quite  that  simple. 

One  credit  card  company  went  so  far  as  to  toss  the  baby  out  with  the  bath 
water —  it  pulled  the  plug  on  customer- bound  e-mail  altogether  —  a  moratorium 
that  since  has  been  rescinded  but  nonetheless  should  sound  alarms. 

These  unsettling  stories  come  from  secure  e-mail  vendor  PostX,  whose  exec¬ 
utives  care  dearly  about  phishing  because  the  future  of  their  company  depends 
on  the  survival  of  e-mail  as  a  trustworthy  communications  channel  between 
major  companies  and  their  customers.  As  unthinkable  as  the  notion  might  be  to 
some,  that  survival  is  not  guaranteed  as  long  as  the  phishing  epidemic  remains 
out  of  control. 

“We  just  want  this  problem  to  go  away,"  laments  Cayce  Ullman,  who  recently 
was  bumped  up  from  PostX  CTO  to  CEO.  In  an  effort  to  hasten  the  problem's 
departure,  PostX  helped  launch  theTrusted  Electronics  Communications  Forum, 
one  of  a  handful  of  organizations  —  including  the  Anti-Phishing  Working  Group 
and  the  Online  Identity  Theft  Coalition  —  working  to  thwart  the  scam  artists. 

"Part  of  the  problem  is  that  if  you  start  to  have  these  rules  around  e-mail  — 
we'll  never  ask  you  a  question;  we’ll  never  drive  you  to  our  Web  site  —  that  also 
starts  to  decrease  the  value  of  the  e-mail  you're  sending,"  Ullman  says.  “E-mail  is 
the  killer  app,  and  for  organizations  to  lose  their  ability  to  use  it  —  use  it  at  all,  or 
with  links  in  it,  or  questions  —  greatly  diminishes  its  power." 

In  the  short  term,  heightened  worries  about  phishing  might  draw  customer 


attention  to  providers  of  secure  messaging  products  such  as  PostX. The  problem 
is  long-term. 

“PostX  is  really  concerned  about  phishing  because  the  majority  of  our  business 
is  based  on  selling  things  like  [secure  electronic]  statements  and  secure  mes¬ 
saging,"  Ullman  says.  "So  if  the  e-mail  channel  becomes  dirty  or  unsafe  or  noisy 
that’s  a  huge  problem.” 

The  rush  to  devise  anti-phishing  strategies  has  brought  with  it  unintended  con¬ 
sequences.  Scott  Olechowski,  vice  president  of  product  strategy  at  PostX,  tells 
the  story  of  a  banking  industry  customer  that  wanted  to  extend  its  use  of  PostX 
Envelope  from  commercial  accounts  to  consumers. 

"They  realized  they  had  a  policy  they  published  that  said  we'll  never  send  you  an 
e-mail  that  asks  you  any  questions.  And  one  of  the  questions  that  a  [PostX] 
Envelope  is  going  to  ask  you  is  your  password,”  Olechowski  says.  "So  they  had  a 
policy  that  prevented  them  from  deploying  this  to  their  retail  customers.” 

Moreover,  such  corporate  e-mail  policies  are  of  limited  value  in  the  first  place, 
Ullman  says. 

“The  problem  with  this  [policy]  approach  is  that  an  organization  deciding  they 
aren't  going  to  send  e-mail  doesn’t  prevent  a  spooferfrom  sending  e-mail  to  their 
customers,"  he  says. 

So  what  might  help  more?  PostX  has  “a  lightweight  signing  mechanism  that 
we're  going  to  put  forward  to  the  group  that  we  believe  is  as  good  a  solution  as 
we’ve  heard  of,"  Ullman  says,  although  the  company  is  by  no  means  married  to  its 
own  idea. 

"We  want  to  have  a  solution  that  is  open,  free,  non- proprietary  and  not  encum¬ 
bered  by  patents,”  he  says.  “We  want  buy-in  from  the  actual  [corporate]  victims. 
And  we  want  to  have  something  together  in  six  to  nine  months;  it  might  not  be  the 
ultimate  solution,  but  at  least  it  will  stop  the  hemorrhaging." 

Not  that  I'm  cool  enough  to  be  a  fan,  but  I’ve  wondered  what  the  rock  band  Phish 
makes  of  all  this.  The  address  is  buzz@nww.com. 


Chances  are  you  won’t  get  fired  for  buying  an  IPSec  or  SSL  VPN. 

Here’s  why  you  should  be. 


Tour  boss  hired  you  for  two  reasons.  One:  to  make  bold  decisions  that  improve  productivity.  Two:  to  make  your  boss  look  good.  Achieve 
both  goals  by  choosing  a  Net6  Hybrid-VPN.  Unlike  IPSec  VPNs,  it  provides  users  with  remote  access  through  firewalls,  prevents  the  traversal 
of  worms,  and  practically  eliminates  client  maintenance  costs.  And  SSL-VPN  weaknesses?  They’re  history.  Our  Hybrid-VPN  Gateway  supports 
all  applications  right  out  of  the  box.  No  changes,  costly  connectors  or  webification  needed.  Now  you  have  a  decision  to  make.  Tell  your  boss 
you’re  buying  a  Net6  Hybrid-VPN.  Or  buy  a  traditional  VPN  and  hope  he  never  reads  this  ad.  To  learn  more,  visit  WWW.net6. com/hybrid 
and  request  the  Hybrid-VPN  technical  white  paper. 


©  2004  Net6  and  Net6  Hybrid-VPN  Gateway  are  trademarks  of  Net6,  Inc. 
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FINALLY  A  WAY  TO  DETECT, 
ISOLATE,  AND  ELIMINATE 
VIRUSES  AND  WORMS 
AT  THE  NETWORK  LAYER. 


t  J  TREND 

KS  M  I  C  R  O 


Introducing  the  industry's  first  outbreak 
prevention  appliance —  only  from  Trend  Micro. 

Deadly  viruses  and  worms  are  now  attacking  at  the  transport  level.  Combat  these  evolving 
threats  with  Trend  Micro™  Network  VirusWall™ —  the  first  and  only  appliance  designed  to 
prevent  outbreaks  at  the  network  layer.  Detect,  quarantine,  and  eliminate  threats  as  they  occur. 
Assisted  by  our  award-winning  Enterprise  Protection  Strategy  and  security  experts,  you'll 
quickly  contain  viruses  and  worms  and  maintain  productivity.  Mission  accomplished. 


For  details  or  a  free  white  paper,  call  1.888. 58. TREND 
or  go  to  www.trendmicro.com/products/nvw 
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